libpng: CVE-2010-1205 and CVE-2010-2249

Related Vulnerabilities: CVE-2010-1205   CVE-2010-2249  

Debian Bug report logs - #587670

Reported by: Raphael Geissert <geissert@debian.org>

Date: Wed, 30 Jun 2010 19:12:01 UTC

Severity: grave

Tags: security

Fixed in versions 1.2.44-1, libpng/1.2.27-2+lenny4

Done: Giuseppe Iuculano <iuculano@debian.org>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, Anibal Monsalve Salazar <anibal@debian.org>:
Bug#587670; Package src:libpng. (Wed, 30 Jun 2010 19:12:03 GMT)


Message #3 received at submit@bugs.debian.org:

From: Raphael Geissert <geissert@debian.org>
To: submit@bugs.debian.org
Subject: libpng: CVE-2010-1205 and CVE-2010-2249
Date: Wed, 30 Jun 2010 14:07:50 -0500
Source: libpng
Severity: grave
Tags: security

Hi,
the following CVE (Common Vulnerabilities & Exposures) ids were
published for libpng.

Upstream's announcement:
> Several versions of libpng through 1.4.2 (and through 1.2.43 in the older
> series) contain a bug whereby progressive applications such as web
> browsers (or the rpng2 demo app included in libpng) could receive an extra
> row of image data beyond the height reported in the header, potentially
> leading to an out-of-bounds write to memory (depending on how the
> application is written) and the possibility of execution of an attacker's
> code with the privileges of the libpng user.

For which CVE-2010-1205 was assigned.

>  An additional memory-leak bug, involving images with malformed sCAL
>  chunks, is also present; it could lead to an application crash (denial of
>  service) when viewing such images.

CVE-2010-2249

If you fix the vulnerabilities please also make sure to include the
CVE ids in your changelog entry. If possible, please provide packages for 
stable (to be released via the security archive.)
Thanks!

For further information see:
http://www.libpng.org/pub/png/libpng.html
https://bugzilla.redhat.com/CVE-2010-2249

Could you also please investigate the following and tell us what your plans 
are regarding it?
https://bugzilla.redhat.com/show_bug.cgi?id=608644#c10

Cheers,
-- 
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net
[signature.asc (application/pgp-signature, inline)]
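
The upstream announcement quoted in the message above says that whether the extra row becomes an out-of-bounds write depends on how the application is written. The following C code is an added illustration, not libpng code and not part of the original report: an application-side row callback that refuses any row index at or beyond the header height. The names `image_buf`, `on_row` and `feed_rows` are hypothetical, and the decoder is simulated.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for an application's progressive-decode state.
   All names are hypothetical; this is not libpng code. */
typedef struct {
    uint32_t height;    /* rows promised by the image header */
    size_t   rowbytes;  /* bytes per decoded row */
    uint8_t *pixels;    /* buffer of height * rowbytes bytes */
    unsigned rejected;  /* rows refused by the bounds check */
} image_buf;

/* Row callback in the shape a progressive reader invokes once per row.
   Returns 0 if the row was stored, -1 if it was refused. */
static int on_row(image_buf *img, const uint8_t *row, uint32_t row_num)
{
    if (img->pixels == NULL || row == NULL)
        return -1;
    if (row_num >= img->height) {  /* row beyond the header height: drop it */
        img->rejected++;
        return -1;
    }
    memcpy(img->pixels + (size_t)row_num * img->rowbytes, row, img->rowbytes);
    return 0;
}

/* Simulates a decoder that delivers `delivered` rows into a buffer sized
   for `height` rows; returns how many rows the callback refused. */
static unsigned feed_rows(uint32_t height, uint32_t delivered, size_t rowbytes)
{
    image_buf img = { height, rowbytes, NULL, 0 };
    uint8_t *row = malloc(rowbytes);
    unsigned rejected;

    img.pixels = calloc(height, rowbytes);
    if (row == NULL || img.pixels == NULL) { free(row); free(img.pixels); return 0; }
    memset(row, 0xAB, rowbytes);   /* constructed sample row data */
    for (uint32_t r = 0; r < delivered; r++)
        on_row(&img, row, r);
    rejected = img.rejected;
    free(row);
    free(img.pixels);
    return rejected;
}

int main(void)
{
    /* Header says 4 rows, stream yields 5: exactly one row must be refused. */
    return feed_rows(4, 5, 16) == 1 ? 0 : 1;
}
```
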

Reply sent to Aníbal Monsalve Salazar <anibal@debian.org>:
You have taken responsibility. (Thu, 01 Jul 2010 00:15:11 GMT)


Notification sent to Raphael Geissert <geissert@debian.org>:
Bug acknowledged by developer. (Thu, 01 Jul 2010 00:15:11 GMT)


Message #8 received at 587670-done@bugs.debian.org:

From: Aníbal Monsalve Salazar <anibal@debian.org>
To: 587670-done@bugs.debian.org
Subject: Re: Bug#587670: libpng: CVE-2010-1205 and CVE-2010-2249
Date: Thu, 1 Jul 2010 00:11:06 +0000
Format: 1.8
Date: Sat, 26 Jun 2010 13:32:43 +1000
Source: libpng
Binary: libpng12-0 libpng12-dev libpng3 libpng12-0-udeb
Architecture: source all amd64
Version: 1.2.44-1
Distribution: unstable
Urgency: low
Maintainer: Anibal Monsalve Salazar <anibal@debian.org>
Changed-By: Anibal Monsalve Salazar <anibal@debian.org>
Description: 
 libpng12-0 - PNG library - runtime
 libpng12-0-udeb - PNG library - minimal runtime library (udeb)
 libpng12-dev - PNG library - development
 libpng3    - PNG library - runtime
Changes: 
 libpng (1.2.44-1) unstable; urgency=low
 .
   * New upstream release
     Stop memory leak when reading a malformed sCAL chunk
Package-Type: udeb




Reply sent to Giuseppe Iuculano <iuculano@debian.org>:
You have taken responsibility. (Tue, 20 Jul 2010 01:57:03 GMT)


Notification sent to Raphael Geissert <geissert@debian.org>:
Bug acknowledged by developer. (Tue, 20 Jul 2010 01:57:03 GMT)


Message #13 received at 587670-close@bugs.debian.org:

From: Giuseppe Iuculano <iuculano@debian.org>
To: 587670-close@bugs.debian.org
Subject: Bug#587670: fixed in libpng 1.2.27-2+lenny4
Date: Tue, 20 Jul 2010 01:55:51 +0000
Source: libpng
Source-Version: 1.2.27-2+lenny4

We believe that the bug you reported is fixed in the latest version of
libpng, which is due to be installed in the Debian FTP archive:

libpng12-0-udeb_1.2.27-2+lenny4_i386.udeb
  to main/libp/libpng/libpng12-0-udeb_1.2.27-2+lenny4_i386.udeb
libpng12-0_1.2.27-2+lenny4_i386.deb
  to main/libp/libpng/libpng12-0_1.2.27-2+lenny4_i386.deb
libpng12-dev_1.2.27-2+lenny4_i386.deb
  to main/libp/libpng/libpng12-dev_1.2.27-2+lenny4_i386.deb
libpng3_1.2.27-2+lenny4_all.deb
  to main/libp/libpng/libpng3_1.2.27-2+lenny4_all.deb
libpng_1.2.27-2+lenny4.diff.gz
  to main/libp/libpng/libpng_1.2.27-2+lenny4.diff.gz
libpng_1.2.27-2+lenny4.dsc
  to main/libp/libpng/libpng_1.2.27-2+lenny4.dsc



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 587670@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Giuseppe Iuculano <iuculano@debian.org> (supplier of updated libpng package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


Format: 1.8
Date: Sat, 17 Jul 2010 12:03:12 +0200
Source: libpng
Binary: libpng12-0 libpng12-dev libpng3 libpng12-0-udeb
Architecture: source i386 all
Version: 1.2.27-2+lenny4
Distribution: stable-security
Urgency: high
Maintainer: Anibal Monsalve Salazar <anibal@debian.org>
Changed-By: Giuseppe Iuculano <iuculano@debian.org>
Description: 
 libpng12-0 - PNG library - runtime
 libpng12-0-udeb - PNG library - minimal runtime library (udeb)
 libpng12-dev - PNG library - development
 libpng3    - PNG library - runtime
Closes: 587670
Changes: 
 libpng (1.2.27-2+lenny4) stable-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Fixed CVE-2010-1205: Buffer overflow in pngpread.c (Closes: #587670)
   * Fixed CVE-2010-2249: Memory leak in pngrutil.c
Package-Type: udeb





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 05 Sep 2010 07:39:41 GMT)




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 19:08:02 2019; Machine Name: buxtehude
