Debian Bug report logs -
#512665
CVE-2008-5907: png_check_keyword might allow context-dependent attackers to set the value of an arbitrary memory location to zero
Reported by: Raphael Geissert <atomo64@gmail.com>
Date: Thu, 22 Jan 2009 17:15:01 UTC
Severity: normal
Tags: security
Found in version libpng/1.2.15~beta5-1
Fixed in versions 1.2.27-2+lenny1, 1.2.35-1
Done: Nobuhiro Iwamatsu <iwamatsu@nigauri.org>
Bug is archived. No further changes may be made.
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, Anibal Monsalve Salazar <anibal@debian.org>
:
Bug#512665
; Package libpng
.
(Thu, 22 Jan 2009 17:15:03 GMT) (full text, mbox, link).
Message #3 received at submit@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
Source: libpng
Version: 1.2.15~beta5-1
Severity: normal
Tags: security
Hi,
The following CVE (Common Vulnerabilities & Exposures) id was published for
horde3.
CVE-2008-5907[1]:
> The png_check_keyword function in pngwutil.c in libpng before 1.0.42, and
> 1.2.x before 1.2.34, might allow context-dependent attackers to set the
> value of an arbitrary memory location to zero via vectors involving
> creation of crafted PNG files with keywords, related to an implicit cast of
> the '\0' character constant to a NULL pointer. NOTE: some sources
> incorrectly report this as a double free vulnerability.
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5907
http://security-tracker.debian.net/tracker/CVE-2008-5907
Cheers,
--
Raphael Geissert - Debian Maintainer
www.debian.org - get.debian.net
[signature.asc (application/pgp-signature, inline)]
Information forwarded
to debian-bugs-dist@lists.debian.org, Anibal Monsalve Salazar <anibal@debian.org>
:
Bug#512665
; Package libpng
.
(Sat, 14 Mar 2009 21:00:02 GMT) (full text, mbox, link).
Acknowledgement sent
to Giuseppe Iuculano <giuseppe@iuculano.it>
:
Extra info received and forwarded to list. Copy sent to Anibal Monsalve Salazar <anibal@debian.org>
.
(Sat, 14 Mar 2009 21:00:02 GMT) (full text, mbox, link).
Message #8 received at 512665@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
Hi,
I've prepared a NMU to fix CVE-2008-5907 and CVE-2009-0040 in libpng.
Proposed debdiff in attachment.
Cheers,
Giuseppe.
[libpng_1.2.27-2lenny1.debdiff (text/plain, attachment)]
[signature.asc (application/pgp-signature, attachment)]
Reply sent
to Nobuhiro Iwamatsu <iwamatsu@nigauri.org>
:
You have taken responsibility.
(Tue, 14 Jun 2011 00:09:08 GMT) (full text, mbox, link).
Notification sent
to Raphael Geissert <atomo64@gmail.com>
:
Bug acknowledged by developer.
(Tue, 14 Jun 2011 00:09:08 GMT) (full text, mbox, link).
Message #13 received at 512665-done@bugs.debian.org (full text, mbox, reply):
Source: libpng
Version: 1.2.27-2+lenny1
Hi,
This bug already closed in libpng 1.2.27-2+lenny1.
libpng (1.2.27-2+lenny1) stable-security; urgency=high
* Non-maintainer upload.
* debian/patches/03-CVE-2008-5907.diff: update pngwutil.c to properly set
new_key to NULL string. (CVE-2008-5907) (Closes: #512665)
* debian/patches/04-CVE-2009-0040.diff: initialize pointers in pngread.c,
pngrtans.c, pngset.c and example.c (CVE-2009-0040) (Closes: #516256)
-- Giuseppe Iuculano <giuseppe@iuculano.it> Sat, 14 Mar 2009 21:31:31 +0100
I close this bug.
Best regards,
Nobuhiro
Marked as fixed in versions 1.2.35-1.
Request was from Laurent Bigonville <bigon@debian.org>
to control@bugs.debian.org
.
(Sun, 23 Sep 2012 21:03:07 GMT) (full text, mbox, link).
Bug archived.
Request was from Laurent Bigonville <bigon@debian.org>
to control@bugs.debian.org
.
(Sun, 23 Sep 2012 21:03:08 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Wed Jun 19 16:46:55 2019;
Machine Name:
beach
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.