[libpng12-0] CVE-2011-3048: memory corruption flaw

Related Vulnerabilities: CVE-2011-3048   CVE-2012-3045  

Debian Bug report logs - #667475


Reported by: Mario Palomo <mariopal@gmail.com>

Date: Wed, 4 Apr 2012 10:57:01 UTC

Severity: normal

Tags: security

Found in version libpng/1.2.47-2

Fixed in versions libpng/1.2.49-1, libpng/1.5.10-1

Done: Anibal Monsalve Salazar <anibal@debian.org>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, secure-testing-team@lists.alioth.debian.org, Anibal Monsalve Salazar <anibal@debian.org>:
Bug#667475; Package libpng12-0. (Wed, 04 Apr 2012 10:57:04 GMT)


Acknowledgement sent to Mario Palomo <mariopal@gmail.com>:
New Bug report received and forwarded. Copy sent to secure-testing-team@lists.alioth.debian.org, Anibal Monsalve Salazar <anibal@debian.org>. (Wed, 04 Apr 2012 10:57:13 GMT)


Message #5 received at submit@bugs.debian.org:

From: Mario Palomo <mariopal@gmail.com>
To: submit@bugs.debian.org
Subject: [libpng12-0] CVE-2011-3048: memory corruption flaw
Date: Wed, 4 Apr 2012 12:55:48 +0200
Package: libpng12-0
Version: 1.2.47-2
Severity: normal
Tags: security
X-Debbugs-CC: secure-testing-team@lists.alioth.debian.org

CVE-2011-3048 is fixed in the following libpng versions: 1.0.59, 1.2.49, 1.4.11,
1.5.10 and 1.6.0beta20. Can you upgrade to version 1.2.49?

--- System information. ---
Architecture: amd64
Kernel: Linux 3.2.0-2-amd64

Debian Release: wheezy/sid
500 unstable www.emdebian.org
500 unstable http.us.debian.org
500 stable security.debian.org

--- Package information. ---
Depends (Version) | Installed
========================-+-=============
libc6 (>= 2.11) | 2.13-27
zlib1g (>= 1:1.1.4) | 1:1.2.6.dfsg-2


Package's Recommends field is empty.

Package's Suggests field is empty.




Reply sent to Anibal Monsalve Salazar <anibal@debian.org>:
You have taken responsibility. (Mon, 09 Apr 2012 03:06:03 GMT)


Notification sent to Mario Palomo <mariopal@gmail.com>:
Bug acknowledged by developer. (Mon, 09 Apr 2012 03:06:04 GMT)


Message #10 received at 667475-close@bugs.debian.org:

From: Anibal Monsalve Salazar <anibal@debian.org>
To: 667475-close@bugs.debian.org
Subject: Bug#667475: fixed in libpng 1.2.49-1
Date: Mon, 09 Apr 2012 03:02:30 +0000
Source: libpng
Source-Version: 1.2.49-1

We believe that the bug you reported is fixed in the latest version of
libpng, which is due to be installed in the Debian FTP archive:

libpng12-0-udeb_1.2.49-1_mipsel.udeb
  to main/libp/libpng/libpng12-0-udeb_1.2.49-1_mipsel.udeb
libpng12-0_1.2.49-1_mipsel.deb
  to main/libp/libpng/libpng12-0_1.2.49-1_mipsel.deb
libpng12-dev_1.2.49-1_mipsel.deb
  to main/libp/libpng/libpng12-dev_1.2.49-1_mipsel.deb
libpng3_1.2.49-1_mipsel.deb
  to main/libp/libpng/libpng3_1.2.49-1_mipsel.deb
libpng_1.2.49-1.debian.tar.bz2
  to main/libp/libpng/libpng_1.2.49-1.debian.tar.bz2
libpng_1.2.49-1.dsc
  to main/libp/libpng/libpng_1.2.49-1.dsc
libpng_1.2.49.orig.tar.bz2
  to main/libp/libpng/libpng_1.2.49.orig.tar.bz2



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 667475@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Anibal Monsalve Salazar <anibal@debian.org> (supplier of updated libpng package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Mon, 09 Apr 2012 12:08:13 +1000
Source: libpng
Binary: libpng12-0 libpng12-dev libpng3 libpng12-0-udeb
Architecture: source mipsel
Version: 1.2.49-1
Distribution: unstable
Urgency: high
Maintainer: Anibal Monsalve Salazar <anibal@debian.org>
Changed-By: Anibal Monsalve Salazar <anibal@debian.org>
Description: 
 libpng12-0 - PNG library - runtime
 libpng12-0-udeb - PNG library - minimal runtime library (udeb)
 libpng12-dev - PNG library - development
 libpng3    - PNG library - runtime
Closes: 667475 668082
Changes: 
 libpng (1.2.49-1) unstable; urgency=high
 .
   * New upstream version 1.2.49
     - Fix CVE-2011-3048 (memory corruption flaw)
       Closes: 667475
     - Don't crash with electric fence memory debugger
       Closes: 668082
   * Merged upstream: 02-665208-CVE-2012-3045.patch

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
-----END PGP SIGNATURE-----





Reply sent to Anibal Monsalve Salazar <anibal@debian.org>:
You have taken responsibility. (Mon, 09 Apr 2012 03:51:06 GMT)


Notification sent to Mario Palomo <mariopal@gmail.com>:
Bug acknowledged by developer. (Mon, 09 Apr 2012 03:51:06 GMT)


Message #15 received at 667475-close@bugs.debian.org:

From: Anibal Monsalve Salazar <anibal@debian.org>
To: 667475-close@bugs.debian.org
Subject: Bug#667475: fixed in libpng 1.5.10-1
Date: Mon, 09 Apr 2012 03:47:56 +0000
Source: libpng
Source-Version: 1.5.10-1

We believe that the bug you reported is fixed in the latest version of
libpng, which is due to be installed in the Debian FTP archive:

libpng-dev_1.5.10-1_mipsel.deb
  to main/libp/libpng/libpng-dev_1.5.10-1_mipsel.deb
libpng15-15-udeb_1.5.10-1_mipsel.udeb
  to main/libp/libpng/libpng15-15-udeb_1.5.10-1_mipsel.udeb
libpng15-15_1.5.10-1_mipsel.deb
  to main/libp/libpng/libpng15-15_1.5.10-1_mipsel.deb
libpng_1.5.10-1.debian.tar.bz2
  to main/libp/libpng/libpng_1.5.10-1.debian.tar.bz2
libpng_1.5.10-1.dsc
  to main/libp/libpng/libpng_1.5.10-1.dsc
libpng_1.5.10.orig.tar.bz2
  to main/libp/libpng/libpng_1.5.10.orig.tar.bz2



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 667475@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Anibal Monsalve Salazar <anibal@debian.org> (supplier of updated libpng package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Mon, 09 Apr 2012 13:29:39 +1000
Source: libpng
Binary: libpng15-15 libpng-dev libpng15-15-udeb
Architecture: source mipsel
Version: 1.5.10-1
Distribution: experimental
Urgency: high
Maintainer: Anibal Monsalve Salazar <anibal@debian.org>
Changed-By: Anibal Monsalve Salazar <anibal@debian.org>
Description: 
 libpng-dev - PNG library - development
 libpng15-15 - PNG library - runtime
 libpng15-15-udeb - PNG library - minimal runtime library (udeb)
Closes: 667475
Changes: 
 libpng (1.5.10-1) experimental; urgency=high
 .
   * New upstream version 1.5.10
     - Fix CVE-2011-3048 (memory corruption flaw)
       Closes: 667475
   * Standards Version is 3.9.3

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
-----END PGP SIGNATURE-----





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Wed, 09 May 2012 07:43:51 GMT)




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 17:30:28 2019; Machine Name: buxtehude
