Debian Bug report logs -
#533676
libpng: CVE-2009-2042 "out-of-bounds pixels" vulnerability
Reported by: Michael S Gilbert <michael.s.gilbert@gmail.com>
Date: Fri, 19 Jun 2009 18:09:04 UTC
Severity: serious
Tags: security
Found in version 1.2.15~beta5-1+etch4
Fixed in version libpng/1.2.27-2+lenny3
Done: Giuseppe Iuculano <iuculano@debian.org>
Bug is archived. No further changes may be made.
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, Anibal Monsalve Salazar <anibal@debian.org>:
Bug#533676; Package libpng.
(Fri, 19 Jun 2009 18:09:07 GMT) (full text, mbox, link).
Acknowledgement sent
to Michael S Gilbert <michael.s.gilbert@gmail.com>:
New Bug report received and forwarded. Copy sent to Anibal Monsalve Salazar <anibal@debian.org>.
(Fri, 19 Jun 2009 18:09:07 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Package: libpng
Version: 1.2.15~beta5-1+etch4
Severity: serious
Tags: security
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for libpng.
CVE-2009-2042[0]:
| libpng before 1.2.37 does not properly parse 1-bit interlaced images
| with width values that are not divisible by 8, which causes libpng to
| include uninitialized bits in certain rows of a PNG file and might
| allow remote attackers to read portions of sensitive memory via
| "out-of-bounds pixels" in the file.
If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.
This is already fixed in the version of unstable. Please coordinate
with the security team to prepare updates for the stable releases.
Thank you.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2042
http://security-tracker.debian.net/tracker/CVE-2009-2042
Reply sent
to Giuseppe Iuculano <iuculano@debian.org>:
You have taken responsibility.
(Sat, 17 Apr 2010 14:00:05 GMT) (full text, mbox, link).
Notification sent
to Michael S Gilbert <michael.s.gilbert@gmail.com>:
Bug acknowledged by developer.
(Sat, 17 Apr 2010 14:00:05 GMT) (full text, mbox, link).
Message #10 received at 533676-close@bugs.debian.org (full text, mbox, reply):
Source: libpng
Source-Version: 1.2.27-2+lenny3
We believe that the bug you reported is fixed in the latest version of
libpng, which is due to be installed in the Debian FTP archive:
libpng12-0-udeb_1.2.27-2+lenny3_i386.udeb
to main/libp/libpng/libpng12-0-udeb_1.2.27-2+lenny3_i386.udeb
libpng12-0_1.2.27-2+lenny3_i386.deb
to main/libp/libpng/libpng12-0_1.2.27-2+lenny3_i386.deb
libpng12-dev_1.2.27-2+lenny3_i386.deb
to main/libp/libpng/libpng12-dev_1.2.27-2+lenny3_i386.deb
libpng3_1.2.27-2+lenny3_all.deb
to main/libp/libpng/libpng3_1.2.27-2+lenny3_all.deb
libpng_1.2.27-2+lenny3.diff.gz
to main/libp/libpng/libpng_1.2.27-2+lenny3.diff.gz
libpng_1.2.27-2+lenny3.dsc
to main/libp/libpng/libpng_1.2.27-2+lenny3.dsc
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 533676@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Giuseppe Iuculano <iuculano@debian.org> (supplier of updated libpng package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Sun, 11 Apr 2010 11:40:33 +0200
Source: libpng
Binary: libpng12-0 libpng12-dev libpng3 libpng12-0-udeb
Architecture: source i386 all
Version: 1.2.27-2+lenny3
Distribution: stable-security
Urgency: high
Maintainer: Anibal Monsalve Salazar <anibal@debian.org>
Changed-By: Giuseppe Iuculano <iuculano@debian.org>
Description:
libpng12-0 - PNG library - runtime
libpng12-0-udeb - PNG library - minimal runtime library (udeb)
libpng12-dev - PNG library - development
libpng3 - PNG library - runtime
Closes: 533676 572308
Changes:
libpng (1.2.27-2+lenny3) stable-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* Fixed CVE-2009-2042: does not properly parse 1-bit interlaced images with
width values that are not divisible by 8, which causes libpng to include
uninitialized bits in certain rows of a PNG file and might allow remote
attackers to read portions of sensitive memory via "out-of-bounds pixels"
in the file (Closes: 533676)
* Fixed CVE-2010-0205: does not properly handle compressed ancillary-chunk
data that has a disproportionately large uncompressed representation, which
allows remote attackers to cause a denial of service (memory and CPU
consumption, and application hang) via a crafted PNG file (Closes: #572308)
Checksums-Sha1:
ac10acd3f8efd69cc5fbbd7e55203ef0d5e5ae2e 1201 libpng_1.2.27-2+lenny3.dsc
38f09128f75ee5d6aa75862aa4c7421f9e78dbc1 19687 libpng_1.2.27-2+lenny3.diff.gz
cba40031775fa9e1f68dc6f7ec64d2c548b1dfd6 165560 libpng12-0_1.2.27-2+lenny3_i386.deb
2b2799afc21123254c1c4f8cc23a02f685db1dd8 246968 libpng12-dev_1.2.27-2+lenny3_i386.deb
777ae91ecbafa1373426c405131980b728dd41b8 880 libpng3_1.2.27-2+lenny3_all.deb
8ac89dbc40806220dce62850d97af7a5404a4fc1 70094 libpng12-0-udeb_1.2.27-2+lenny3_i386.udeb
Checksums-Sha256:
d6faba268d2e00c73632b5ad3df2da351dcf82966557e5f7e750a5287165b667 1201 libpng_1.2.27-2+lenny3.dsc
4a5a1ad1b9d98914fd7c10fc2a1cf146847acdf44e6e0477fc16d9fd05e3d333 19687 libpng_1.2.27-2+lenny3.diff.gz
832a13f92f0c62199fdf1584be739f0efe3c2365d4dd2f9e62b66ac8a33b48f0 165560 libpng12-0_1.2.27-2+lenny3_i386.deb
fb9e5141f31f0ea50eea9b21ec79065e78604f6a91b32288028ca1a0d07f3b2e 246968 libpng12-dev_1.2.27-2+lenny3_i386.deb
be470a354466cdedd245d4ca652ba94df4564b6f68ff32eef10c5a46d9cb5e93 880 libpng3_1.2.27-2+lenny3_all.deb
4a5430f9ed571b246bf2ebe96c36e1641147fd0909963a4bf494d5b3f49d5cd7 70094 libpng12-0-udeb_1.2.27-2+lenny3_i386.udeb
Files:
abe81b0d3c4aa7a1fa418e29f2c5b297 1201 libs optional libpng_1.2.27-2+lenny3.dsc
60ede1843ceb8a1f127c54b847a74dfa 19687 libs optional libpng_1.2.27-2+lenny3.diff.gz
233945ee4b1e442357276431ce495a4c 165560 libs optional libpng12-0_1.2.27-2+lenny3_i386.deb
083d472fd65f884c91dff5926e538342 246968 libdevel optional libpng12-dev_1.2.27-2+lenny3_i386.deb
028b00e28aad8282714776c5dcca64a8 880 oldlibs optional libpng3_1.2.27-2+lenny3_all.deb
769336f4574678e56931e1a1eaf6be6a 70094 debian-installer extra libpng12-0-udeb_1.2.27-2+lenny3_i386.udeb
Package-Type: udeb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAkvBnUUACgkQNxpp46476ao8qgCcCMk58l27EAR9VZ/MIKCHRceo
L3UAnRHFyBHdCWCUV6bBtFZZ7Kl1TaMg
=oDjc
-----END PGP SIGNATURE-----
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Sun, 16 May 2010 07:36:04 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Wed Jun 19 19:04:07 2019;
Machine Name:
buxtehude
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.
Vulmon