Buffer overflow

Related Vulnerabilities: CVE-2012-3045  

Debian Bug report logs - #665208
Buffer overflow

Reported by: Moritz Muehlenhoff <muehlenhoff@univention.de>

Date: Thu, 22 Mar 2012 15:52:56 UTC

Severity: grave

Tags: security

Fixed in version libpng/1.2.47-2

Done: Anibal Monsalve Salazar <anibal@debian.org>

Bug is archived. No further changes may be made.


Information forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, Anibal Monsalve Salazar <anibal@debian.org>:
Bug#665208; Package libpng. (Thu, 22 Mar 2012 15:53:03 GMT).


Acknowledgement sent to Moritz Muehlenhoff <muehlenhoff@univention.de>:
Extra info received and forwarded to list. Copy sent to team@security.debian.org, Anibal Monsalve Salazar <anibal@debian.org>. (Thu, 22 Mar 2012 15:53:20 GMT).


Message #5 received at submit@bugs.debian.org:

From: Moritz Muehlenhoff <muehlenhoff@univention.de>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Buffer overflow
Date: Thu, 22 Mar 2012 16:47:00 +0100
Package: libpng
Severity: grave
Tags: security

This is CVE-2012-3045:

Fix in Chromium repository:
http://src.chromium.org/viewvc/chrome/trunk/src/third_party/libpng/pngrutil.c?r1=125311&r2=125310&pathrev=125311

Cheers,
        Moritz




Information forwarded to debian-bugs-dist@lists.debian.org, Anibal Monsalve Salazar <anibal@debian.org>:
Bug#665208; Package libpng. (Thu, 22 Mar 2012 16:44:44 GMT).


Acknowledgement sent to Moritz Mühlenhoff <jmm@inutil.org>:
Extra info received and forwarded to list. Copy sent to Anibal Monsalve Salazar <anibal@debian.org>. (Thu, 22 Mar 2012 16:44:44 GMT).


Message #10 received at 665208@bugs.debian.org:

From: Moritz Mühlenhoff <jmm@inutil.org>
To: 665208@bugs.debian.org
Subject: Re: Bug#665208: Buffer overflow
Date: Thu, 22 Mar 2012 17:43:19 +0100

On Thu, Mar 22, 2012 at 04:47:00PM +0100, Moritz Muehlenhoff wrote:
> Package: libpng
> Severity: grave
> Tags: security
> 
> This is CVE-2012-3045:
> 
> Fix in Chromium repository:
> http://src.chromium.org/viewvc/chrome/trunk/src/third_party/libpng/pngrutil.c?r1=125311&r2=125310&pathrev=125311

I'm working on a DSA.

Cheers,
        Moritz




Reply sent to Anibal Monsalve Salazar <anibal@debian.org>:
You have taken responsibility. (Tue, 27 Mar 2012 01:51:04 GMT).


Notification sent to Moritz Muehlenhoff <muehlenhoff@univention.de>:
Bug acknowledged by developer. (Tue, 27 Mar 2012 01:51:04 GMT).


Message #15 received at 665208-close@bugs.debian.org:

From: Anibal Monsalve Salazar <anibal@debian.org>
To: 665208-close@bugs.debian.org
Subject: Bug#665208: fixed in libpng 1.2.47-2
Date: Tue, 27 Mar 2012 01:47:50 +0000
Source: libpng
Source-Version: 1.2.47-2

We believe that the bug you reported is fixed in the latest version of
libpng, which is due to be installed in the Debian FTP archive:

libpng12-0-udeb_1.2.47-2_mipsel.udeb
  to main/libp/libpng/libpng12-0-udeb_1.2.47-2_mipsel.udeb
libpng12-0_1.2.47-2_mipsel.deb
  to main/libp/libpng/libpng12-0_1.2.47-2_mipsel.deb
libpng12-dev_1.2.47-2_mipsel.deb
  to main/libp/libpng/libpng12-dev_1.2.47-2_mipsel.deb
libpng3_1.2.47-2_mipsel.deb
  to main/libp/libpng/libpng3_1.2.47-2_mipsel.deb
libpng_1.2.47-2.debian.tar.bz2
  to main/libp/libpng/libpng_1.2.47-2.debian.tar.bz2
libpng_1.2.47-2.dsc
  to main/libp/libpng/libpng_1.2.47-2.dsc



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 665208@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Anibal Monsalve Salazar <anibal@debian.org> (supplier of updated libpng package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


Format: 1.8
Date: Tue, 27 Mar 2012 12:04:46 +1100
Source: libpng
Binary: libpng12-0 libpng12-dev libpng3 libpng12-0-udeb
Architecture: source mipsel
Version: 1.2.47-2
Distribution: unstable
Urgency: high
Maintainer: Anibal Monsalve Salazar <anibal@debian.org>
Changed-By: Anibal Monsalve Salazar <anibal@debian.org>
Description: 
 libpng12-0 - PNG library - runtime
 libpng12-0-udeb - PNG library - minimal runtime library (udeb)
 libpng12-dev - PNG library - development
 libpng3    - PNG library - runtime
Closes: 665208
Changes: 
 libpng (1.2.47-2) unstable; urgency=high
 .
   * Fix Buffer overflow
     Fix CVE-2012-3045
     Add 02-665208-CVE-2012-3045.patch
     Closes: 665208
   * Standards Version is 3.9.3





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Tue, 24 Apr 2012 07:33:22 GMT).



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 17:45:45 2019; Machine Name: beach
