Several security vulnerabilities
Bug #226009 reported by
Bryan Donlan
This bug report is a duplicate of:
Bug #217128: CVE-2008-1382: libpng zero-length chunks incorrect handling.
Edit
Remove
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| libpng (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
| Dapper |
Confirmed
|
Undecided
|
Unassigned | ||
| Feisty |
Confirmed
|
Undecided
|
Unassigned | ||
| Gutsy |
Confirmed
|
Undecided
|
Unassigned | ||
| Hardy |
Confirmed
|
Undecided
|
Unassigned | ||
Bug Description
libpng 1.2.27 fixes a number of CVEs including:
* 2006-3334
* 2007-2445
* 2007-5266
* 2007-5267
* 2007-5268
* 2007-5269
* 2008-1382
These are crash bugs. I don't know if they can be used for code execution.
I believe that these bugs justify a stable release update.
This package has already been imported into intrepid.
CVE References
Revision history for this message
| Daniel Holbach (dholbach) wrote | #2 |
Revision history for this message
| Daniel Holbach (dholbach) wrote ACK of sync request | #3 |
| Changed in libpng: | |
| status: | New → Confirmed |
Revision history for this message
| Martin Pitt (pitti) wrote SRU: Please sync libpng 1.2.27-1 from debian unstable (main) | #4 |
| Changed in libpng: | |
| status: | Confirmed → Fix Released |
| status: | New → Fix Released |
| status: | New → Fix Released |
| status: | New → Fix Released |
| status: | New → Fix Released |
Revision history for this message
| Martin Pitt (pitti) wrote | #19 |
| Changed in libpng: | |
| status: | Fix Released → Confirmed |
| status: | Fix Released → Confirmed |
| status: | Fix Released → Confirmed |
| status: | Fix Released → Confirmed |
Revision history for this message
| Jamie Strandboge (jdstrand) wrote | #20 |
To post a comment you must log in.
Marked non-private as LP#185178 disclosed this months ago, but mixed in a APNG patch that made it inappropriate during freeze.