CVE-2006-0481: PNG_Set_Strip_Alpha Buffer Overflow

Related Vulnerabilities: CVE-2006-0481  

Debian Bug report logs - #352902

Reported by: Geoff Crompton <geoff.crompton@strategicdata.com.au>

Date: Wed, 15 Feb 2006 02:03:01 UTC

Severity: grave

Tags: security, woody

Found in version libpng/1.0.12-3.woody.9

Fixed in version 1.2.8rel-3

Done: Andreas Metzler <ametzler@debian.org>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, Josselin Mouette <joss@debian.org>:
Bug#352902; Package libpng.


Acknowledgement sent to Geoff Crompton <geoff.crompton@strategicdata.com.au>:
New Bug report received and forwarded. Copy sent to Josselin Mouette <joss@debian.org>.


Message #5 received at submit@bugs.debian.org:

From: Geoff Crompton <geoff.crompton@strategicdata.com.au>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: CVE-2006-0481: PNG_Set_Strip_Alpha Buffer Overflow
Date: Wed, 15 Feb 2006 12:56:45 +1100

Package: libpng
Severity: grave
Justification: user security hole

As seen on http://www.securityfocus.com/bid/16626, there is a buffer overflow.

Redhat have a patch available at:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=179455

However security focus lists versions 1.0.16, 1.0.17, 1.2.6, and 1.2.7 as
vulnerable, but I see we've got higher versions in sarge.
But I'm unsure if 1.2.8rel-1 is a pre-release version of 1.2.8, and hence
whether it will have this fix or not.



Information forwarded to debian-bugs-dist@lists.debian.org, Josselin Mouette <joss@debian.org>:
Bug#352902; Package libpng.


Acknowledgement sent to 352902@bugs.debian.org:
Extra info received and forwarded to list. Copy sent to Josselin Mouette <joss@debian.org>.


Message #10 received at 352902@bugs.debian.org:

From: Josselin Mouette <joss@debian.org>
To: Geoff Crompton <geoff.crompton@strategicdata.com.au>, 352902@bugs.debian.org
Cc: team@security.debian.org
Subject: Re: Bug#352902: CVE-2006-0481: PNG_Set_Strip_Alpha Buffer Overflow
Date: Wed, 15 Feb 2006 09:04:28 +0100

tags 352902 + security woody
clone 352902 -1
found 352902 1.0.12-3.woody.9
notfound 352902 1.0.18-1
reassign -1 libpng3 1.2.1-1.1.woody.9
notfound -1 1.2.8rel-1
thanks

On Wednesday 15 February 2006 at 12:56 +1100, Geoff Crompton wrote:
> Package: libpng
> Severity: grave
> Justification: user security hole
> 
> As seen on http://www.securityfocus.com/bid/16626, there is a buffer overflow.
> 
> Redhat have a patch available at:
> https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=179455
> 
> However security focus lists versions 1.0.16, 1.0.17, 1.2.6, and 1.2.7 as
> vulnerable, but I see we've got higher versions in sarge.
> But I'm unsure if 1.2.8rel-1 is a pre-release version of 1.2.8, and hence
> whether it will have this fix or not.

Only the woody versions are affected. I guess the security team is
already preparing an update.

Regards,
-- 
 .''`.           Josselin Mouette        /\./\
: :' :           josselin.mouette@ens-lyon.org
`. `'                        joss@debian.org
   `-  Debian GNU/Linux -- The power of freedom




Tags added: security, woody Request was from Josselin Mouette <joss@debian.org> to control@bugs.debian.org.


Bug 352902 cloned as bug 352918. Request was from Josselin Mouette <joss@debian.org> to control@bugs.debian.org.


Bug marked as found in version 1.0.12-3.woody.9. Request was from Josselin Mouette <joss@debian.org> to control@bugs.debian.org.


Bug marked as not found in version 1.0.18-1. Request was from Josselin Mouette <joss@debian.org> to control@bugs.debian.org.


Bug marked as fixed in version 1.0.18-1, send any further explanations to Geoff Crompton <geoff.crompton@strategicdata.com.au> Request was from Steve Langasek <vorlon@debian.org> to control@bugs.debian.org.


Information forwarded to debian-bugs-dist@lists.debian.org, Josselin Mouette <joss@debian.org>:
Bug#352902; Package libpng.


Acknowledgement sent to Moritz Muehlenhoff <jmm@inutil.org>:
Extra info received and forwarded to list. Copy sent to Josselin Mouette <joss@debian.org>.


Message #25 received at 352902@bugs.debian.org:

From: Moritz Muehlenhoff <jmm@inutil.org>
To: 352902@bugs.debian.org
Cc: Geoff Crompton <geoff.crompton@strategicdata.com.au>, team@security.debian.org
Subject: Re: Bug#352902: CVE-2006-0481: PNG_Set_Strip_Alpha Buffer Overflow
Date: Wed, 15 Feb 2006 09:41:43 +0100

Josselin Mouette wrote:
> > However security focus lists versions 1.0.16, 1.0.17, 1.2.6, and 1.2.7 as
> > vulnerable, but I see we've got higher versions in sarge.
> > But I'm unsure if 1.2.8rel-1 is a pre-release version of 1.2.8, and hence
> > whether it will have this fix or not.
> 
> Only the woody versions are affected. I guess the security team is
> already preparing an update.

I haven't checked that myself yet, but according to upstream the bug was
introduced in 1.2.7?

|  Fixed bug, introduced in libpng-1.2.7, that overruns a buffer during
|    strip alpha operation in png_do_strip_filler().

Cheers,
        Moritz



Reply sent to Daniel Glassey <wdg@debian.org>:
You have taken responsibility.


Notification sent to Geoff Crompton <geoff.crompton@strategicdata.com.au>:
Bug acknowledged by developer.


Message #30 received at 352902-close@bugs.debian.org:

From: Daniel Glassey <wdg@debian.org>
To: 352902-close@bugs.debian.org
Subject: Bug#352902: fixed in gnomesword 2.1.7-1
Date: Sat, 20 May 2006 22:17:07 -0700

Source: gnomesword
Source-Version: 2.1.7-1

We believe that the bug you reported is fixed in the latest version of
gnomesword, which is due to be installed in the Debian FTP archive:

gnomesword_2.1.7-1.dsc
  to pool/main/g/gnomesword/gnomesword_2.1.7-1.dsc
gnomesword_2.1.7-1.tar.gz
  to pool/main/g/gnomesword/gnomesword_2.1.7-1.tar.gz
gnomesword_2.1.7-1_powerpc.deb
  to pool/main/g/gnomesword/gnomesword_2.1.7-1_powerpc.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 352902@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Daniel Glassey <wdg@debian.org> (supplier of updated gnomesword package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


Format: 1.7
Date: Sat, 20 May 2006 23:23:39 -0500
Source: gnomesword
Binary: gnomesword
Architecture: source powerpc
Version: 2.1.7-1
Distribution: unstable
Urgency: low
Maintainer: Daniel Glassey <wdg@debian.org>
Changed-By: Daniel Glassey <wdg@debian.org>
Description: 
 gnomesword - Bible study with GNOME
Closes: 352902
Changes: 
 gnomesword (2.1.7-1) unstable; urgency=low
 .
   * New upstream release
   * Acknowledge NMU, Closes: #352902
     Sorry Matej for not acknowledging this before and not noticing the patch
     adding the changelog lines in
     adding the patch back in and passing it upstream
Files: 
 ea54a6ebbd8d59e79719de7fbad26d4c 781 gnome optional gnomesword_2.1.7-1.dsc
 5ef1085527db0aa22f3acc135929a6ee 2519680 gnome optional gnomesword_2.1.7-1.tar.gz
 08e6bafc5c7546c0ce408f50e38cec3c 1928850 gnome optional gnomesword_2.1.7-1_powerpc.deb




Bug reopened, originator not changed. Request was from "Daniel Glassey" <wdg@debian.org> to control@bugs.debian.org.


Bug marked as fixed in version 1.2.8rel-3, send any further explanations to Geoff Crompton <geoff.crompton@strategicdata.com.au> Request was from Andreas Metzler <ametzler@debian.org> to control@bugs.debian.org.


Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 24 Jun 2007 08:58:43 GMT)


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 18:59:00 2019; Machine Name: buxtehude
