public inbox for gentoo-commits@lists.gentoo.org
* [gentoo-commits] gentoo commit in xml/htdocs/security/en/glsa: glsa-201010-01.xml
@ 2010-10-05 21:26 Pierre-Yves Rofes (py)
From: Pierre-Yves Rofes (py) @ 2010-10-05 21:26 UTC
  To: gentoo-commits

py          10/10/05 21:26:12

  Added:                glsa-201010-01.xml
  Log:
  GLSA 201010-01

Revision  Changes    Path
1.1                  xml/htdocs/security/en/glsa/glsa-201010-01.xml

file : http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/security/en/glsa/glsa-201010-01.xml?rev=1.1&view=markup
plain: http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/security/en/glsa/glsa-201010-01.xml?rev=1.1&content-type=text/plain

Index: glsa-201010-01.xml
===================================================================
<?xml version="1.0" encoding="utf-8"?>
<?xml-stylesheet href="/xsl/glsa.xsl" type="text/xsl"?>
<?xml-stylesheet href="/xsl/guide.xsl" type="text/xsl"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">

<glsa id="201010-01">
  <title>Libpng: Multiple vulnerabilities</title>
  <synopsis>
    Multiple vulnerabilities in libpng might lead to privilege escalation or a
    Denial of Service.
  </synopsis>
  <product type="ebuild">libpng</product>
  <announced>October 05, 2010</announced>
  <revised>October 05, 2010: 01</revised>
  <bug>307637</bug>
  <bug>324153</bug>
  <bug>335887</bug>
  <access>remote</access>
  <affected>
    <package name="media-libs/libpng" auto="yes" arch="*">
      <unaffected range="ge">1.4.3</unaffected>
      <vulnerable range="lt">1.4.3</vulnerable>
    </package>
  </affected>
  <background>
    <p>
    libpng is a standard library used to process PNG (Portable Network
    Graphics) images. It is used by several programs, including web
    browsers and potentially server processes.
    </p>
  </background>
  <description>
    <p>
    Multiple vulnerabilities were found in libpng:
    </p>
    <ul><li>The
    png_decompress_chunk() function in pngrutil.c does not properly handle
    certain type of compressed data (CVE-2010-0205)</li>
    <li>A buffer
    overflow in pngread.c when using progressive applications
    (CVE-2010-1205)</li>
    <li>A memory leak in pngrutil.c when dealing with
    a certain type of chunks (CVE-2010-2249)</li>
    </ul>
  </description>
  <impact type="normal">
    <p>
    An attacker could exploit these vulnerabilities to cause programs
    linked against the library to crash or execute arbitrary code with the
    permissions of the user running the vulnerable program, which could be
    the root user.
    </p>
  </impact>
  <workaround>
    <p>
    There is no known workaround at this time.
    </p>
  </workaround>
  <resolution>
    <p>
    All libpng users should upgrade to the latest version:
    </p>
    <code>
    # emerge --sync
    # emerge --ask --oneshot --verbose &quot;&gt;=media-libs/libpng-1.4.3&quot;</code>
  </resolution>
  <references>
    <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0205">CVE-2010-0205</uri>
    <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1205">CVE-2010-1205</uri>
    <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2249">CVE-2010-2249</uri>
  </references>
  <metadata tag="requester" timestamp="Sun, 01 Aug 2010 12:51:01 +0000">
    craig
  </metadata>
  <metadata tag="submitter" timestamp="Tue, 28 Sep 2010 18:37:13 +0000">
    p-y
  </metadata>
  <metadata tag="bugReady" timestamp="Tue, 28 Sep 2010 18:37:43 +0000">
    p-y
  </metadata>
</glsa>
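Review bot: the <synopsis> promises "privilege escalation or a Denial of Service", but the <impact> paragraph describes a crash or arbitrary code execution with the permissions of the user running the program, with <access>remote</access>. Align the two, for example by having the synopsis say "execution of arbitrary code or a Denial of Service", so that readers triaging on the synopsis alone see the same risk the impact section states.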

* [gentoo-commits] gentoo commit in xml/htdocs/security/en/glsa: glsa-201010-01.xml
@ 2011-11-10 20:47 Tim Sammut (underling)
From: Tim Sammut (underling) @ 2011-11-10 20:47 UTC
  To: gentoo-commits

underling    11/11/10 20:47:52

  Modified:             glsa-201010-01.xml
  Log:
  GLSA 201010-01 update to correct unaffected software versions

Revision  Changes    Path
1.2                  xml/htdocs/security/en/glsa/glsa-201010-01.xml

file : http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/security/en/glsa/glsa-201010-01.xml?rev=1.2&view=markup
plain: http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/security/en/glsa/glsa-201010-01.xml?rev=1.2&content-type=text/plain
diff : http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/security/en/glsa/glsa-201010-01.xml?r1=1.1&r2=1.2

Index: glsa-201010-01.xml
===================================================================
RCS file: /var/cvsroot/gentoo/xml/htdocs/security/en/glsa/glsa-201010-01.xml,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- glsa-201010-01.xml	5 Oct 2010 21:26:12 -0000	1.1
+++ glsa-201010-01.xml	10 Nov 2011 20:47:52 -0000	1.2
@@ -1,17 +1,15 @@
-<?xml version="1.0" encoding="utf-8"?>
-<?xml-stylesheet href="/xsl/glsa.xsl" type="text/xsl"?>
-<?xml-stylesheet href="/xsl/guide.xsl" type="text/xsl"?>
+<?xml version="1.0" encoding="UTF-8"?>
+<?xml-stylesheet type="text/xsl" href="/xsl/glsa.xsl"?>
+<?xml-stylesheet type="text/xsl" href="/xsl/guide.xsl"?>
 <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
-
 <glsa id="201010-01">
   <title>Libpng: Multiple vulnerabilities</title>
-  <synopsis>
-    Multiple vulnerabilities in libpng might lead to privilege escalation or a
-    Denial of Service.
+  <synopsis>Multiple vulnerabilities in libpng might lead to privilege
+    escalation or a Denial of Service.
   </synopsis>
   <product type="ebuild">libpng</product>
-  <announced>October 05, 2010</announced>
-  <revised>October 05, 2010: 01</revised>
+  <announced>November 10, 2011</announced>
+  <revised>November 10, 2011: 2</revised>
   <bug>307637</bug>
   <bug>324153</bug>
   <bug>335887</bug>
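Review bot: the <announced> line is changed from "October 05, 2010" to "November 10, 2011", which overwrites the advisory's original publication date with the date of this edit. Keep <announced> at October 05, 2010 and record the update only in <revised>. The revision counter also changes format here, from "01" to "2"; pick one form and keep it.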
@@ -19,63 +17,70 @@
   <affected>
     <package name="media-libs/libpng" auto="yes" arch="*">
       <unaffected range="ge">1.4.3</unaffected>
+      <unaffected range="rge">1.2.46</unaffected>
       <vulnerable range="lt">1.4.3</vulnerable>
     </package>
   </affected>
   <background>
-    <p>
-    libpng is a standard library used to process PNG (Portable Network
-    Graphics) images. It is used by several programs, including web
-    browsers and potentially server processes.
+    <p>libpng is a standard library used to process PNG (Portable Network
+      Graphics) images. It is used by several programs, including web browsers
+      and potentially server processes.
     </p>
   </background>
   <description>
-    <p>
-    Multiple vulnerabilities were found in libpng:
-    </p>
-    <ul><li>The
-    png_decompress_chunk() function in pngrutil.c does not properly handle
-    certain type of compressed data (CVE-2010-0205)</li>
-    <li>A buffer
-    overflow in pngread.c when using progressive applications
-    (CVE-2010-1205)</li>
-    <li>A memory leak in pngrutil.c when dealing with
-    a certain type of chunks (CVE-2010-2249)</li>
+    <p>Multiple vulnerabilities were found in libpng:</p>
+    
+    <ul>
+      <li>The png_decompress_chunk() function in pngrutil.c does not properly
+        handle certain type of compressed data (CVE-2010-0205)
+      </li>
+      <li>A buffer overflow in pngread.c when using progressive applications
+        (CVE-2010-1205)
+      </li>
+      <li>A memory leak in pngrutil.c when dealing with a certain type of
+        chunks (CVE-2010-2249)
+      </li>
     </ul>
   </description>
   <impact type="normal">
-    <p>
-    An attacker could exploit these vulnerabilities to cause programs
-    linked against the library to crash or execute arbitrary code with the
-    permissions of the user running the vulnerable program, which could be
-    the root user.
+    <p>An attacker could exploit these vulnerabilities to cause programs linked
+      against the library to crash or execute arbitrary code with the
+      permissions of the user running the vulnerable program, which could be
+      the root user.
     </p>
   </impact>
   <workaround>
-    <p>
-    There is no known workaround at this time.
-    </p>
+    <p>There is no known workaround at this time.</p>
+    
   </workaround>
   <resolution>
-    <p>
-    All libpng users should upgrade to the latest version:
-    </p>
+    <p>All libpng 1.4 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-libs/libpng-1.4.3"
+    </code>
+    
+    <p>All libpng 1.2 users should upgrade to the latest version:</p>
+    
     <code>
-    # emerge --sync
-    # emerge --ask --oneshot --verbose &quot;&gt;=media-libs/libpng-1.4.3&quot;</code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-libs/libpng-1.2.46"
+    </code>
+    
   </resolution>
   <references>
-    <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0205">CVE-2010-0205</uri>
-    <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1205">CVE-2010-1205</uri>
-    <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2249">CVE-2010-2249</uri>
+    <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0205">
+      CVE-2010-0205
+    </uri>
+    <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1205">
+      CVE-2010-1205
+    </uri>
+    <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2249">
+      CVE-2010-2249
+    </uri>
   </references>
-  <metadata tag="requester" timestamp="Sun, 01 Aug 2010 12:51:01 +0000">
-    craig
-  </metadata>
-  <metadata tag="submitter" timestamp="Tue, 28 Sep 2010 18:37:13 +0000">
-    p-y
-  </metadata>
-  <metadata tag="bugReady" timestamp="Tue, 28 Sep 2010 18:37:43 +0000">
-    p-y
-  </metadata>
+  <metadata timestamp="Fri, 07 Oct 2011 22:32:46 +0000" tag="requester">craig</metadata>
+  <metadata timestamp="Thu, 10 Nov 2011 20:46:08 +0000" tag="submitter">system</metadata>
+  <metadata timestamp="Thu, 10 Nov 2011 21:46:11 +0100" tag="bugReady">system</metadata>
 </glsa>
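Review bot: in <resolution>, the command added for libpng 1.2 users uses the atom ">=media-libs/libpng-1.2.46", which the 1.4 series also satisfies, while the matching <affected> entry is range="rge" on 1.2.46. Say in the text how a user who has to stay on 1.2 should select that series, or make the atom and the range agree. The substantive changes in this hunk (the new <unaffected> line and the split resolution) are also mixed with re-wrapping and attribute reordering of almost every element, and the <metadata> rewrite replaces the original submitter "p-y" and the 2010 timestamps with "system" and 2011 values; a separate formatting-only commit would keep the advisory's history reviewable.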

* [gentoo-commits] gentoo commit in xml/htdocs/security/en/glsa: glsa-201010-01.xml
@ 2011-11-10 21:01 Tim Sammut (underling)
From: Tim Sammut (underling) @ 2011-11-10 21:01 UTC
  To: gentoo-commits

underling    11/11/10 21:01:26

  Modified:             glsa-201010-01.xml
  Log:
  GLSA 201010-01 update to correct initial Release Date; thanks, leio.

Revision  Changes    Path
1.3                  xml/htdocs/security/en/glsa/glsa-201010-01.xml

file : http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/security/en/glsa/glsa-201010-01.xml?rev=1.3&view=markup
plain: http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/security/en/glsa/glsa-201010-01.xml?rev=1.3&content-type=text/plain
diff : http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/security/en/glsa/glsa-201010-01.xml?r1=1.2&r2=1.3

Index: glsa-201010-01.xml
===================================================================
RCS file: /var/cvsroot/gentoo/xml/htdocs/security/en/glsa/glsa-201010-01.xml,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- glsa-201010-01.xml	10 Nov 2011 20:47:52 -0000	1.2
+++ glsa-201010-01.xml	10 Nov 2011 21:01:26 -0000	1.3
@@ -8,7 +8,7 @@
     escalation or a Denial of Service.
   </synopsis>
   <product type="ebuild">libpng</product>
-  <announced>November 10, 2011</announced>
+  <announced>October 05, 2010</announced>
   <revised>November 10, 2011: 2</revised>
   <bug>307637</bug>
   <bug>324153</bug>
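Review bot: <revised> is left at "November 10, 2011: 2" in the context line directly below the corrected <announced>, although this commit changes the published advisory again. Bump the revision counter in the same change so that consumers comparing on <revised> notice the corrected date.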

* [gentoo-commits] gentoo commit in xml/htdocs/security/en/glsa: glsa-201010-01.xml
@ 2012-02-21 22:39 Tim Sammut (underling)
From: Tim Sammut (underling) @ 2012-02-21 22:39 UTC
  To: gentoo-commits

underling    12/02/21 22:39:50

  Modified:             glsa-201010-01.xml
  Log:
  Revise GLSA-201010-01 to add libpng-1.2.47 as unaffected.

Revision  Changes    Path
1.4                  xml/htdocs/security/en/glsa/glsa-201010-01.xml

file : http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/security/en/glsa/glsa-201010-01.xml?rev=1.4&view=markup
plain: http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/security/en/glsa/glsa-201010-01.xml?rev=1.4&content-type=text/plain
diff : http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/security/en/glsa/glsa-201010-01.xml?r1=1.3&r2=1.4

Index: glsa-201010-01.xml
===================================================================
RCS file: /var/cvsroot/gentoo/xml/htdocs/security/en/glsa/glsa-201010-01.xml,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- glsa-201010-01.xml	10 Nov 2011 21:01:26 -0000	1.3
+++ glsa-201010-01.xml	21 Feb 2012 22:39:50 -0000	1.4
@@ -9,7 +9,7 @@
   </synopsis>
   <product type="ebuild">libpng</product>
   <announced>October 05, 2010</announced>
-  <revised>November 10, 2011: 2</revised>
+  <revised>February 21, 2012: 4</revised>
   <bug>307637</bug>
   <bug>324153</bug>
   <bug>335887</bug>
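Review bot: the <revised> counter jumps from 2 to 4 with no revision 3 ever published in this field. If the intent is to track the CVS file revision (1.4), say so in the log message; otherwise use 3 so the sequence has no gap.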
@@ -18,6 +18,7 @@
     <package name="media-libs/libpng" auto="yes" arch="*">
       <unaffected range="ge">1.4.3</unaffected>
       <unaffected range="rge">1.2.46</unaffected>
+      <unaffected range="rge">1.2.47</unaffected>
       <vulnerable range="lt">1.4.3</vulnerable>
     </package>
   </affected>
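Review bot: the added <unaffected range="rge">1.2.47</unaffected> line comes with a log message that gives no bug number or reason for treating 1.2.47 as unaffected, and no <bug> entry is added in this patch. Reference the report that prompted the change so the new range can be checked later.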
@@ -81,6 +82,6 @@
     </uri>
   </references>
   <metadata timestamp="Fri, 07 Oct 2011 22:32:46 +0000" tag="requester">craig</metadata>
-  <metadata timestamp="Thu, 10 Nov 2011 20:46:08 +0000" tag="submitter">system</metadata>
-  <metadata timestamp="Thu, 10 Nov 2011 21:46:11 +0100" tag="bugReady">system</metadata>
+  <metadata timestamp="Tue, 21 Feb 2012 22:38:07 +0000" tag="submitter">system</metadata>
+  <metadata timestamp="Tue, 21 Feb 2012 23:38:09 +0100" tag="bugReady">system</metadata>
 </glsa>
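Review bot: the two regenerated <metadata> timestamps use different UTC offsets, +0000 for submitter and +0100 for bugReady, so moments two seconds apart read as 22:38:07 and 23:38:09. Emit both in UTC, as the unchanged requester line does.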

* [gentoo-commits] gentoo commit in xml/htdocs/security/en/glsa: glsa-201010-01.xml
@ 2012-03-30 22:47 Tim Sammut (underling)
From: Tim Sammut (underling) @ 2012-03-30 22:47 UTC
  To: gentoo-commits

underling    12/03/30 22:47:33

  Modified:             glsa-201010-01.xml
  Log:
  Revise GLSA 201010-01 with *>=1.2.49 for bug 410153

Revision  Changes    Path
1.5                  xml/htdocs/security/en/glsa/glsa-201010-01.xml

file : http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/security/en/glsa/glsa-201010-01.xml?rev=1.5&view=markup
plain: http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/security/en/glsa/glsa-201010-01.xml?rev=1.5&content-type=text/plain
diff : http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/security/en/glsa/glsa-201010-01.xml?r1=1.4&r2=1.5

Index: glsa-201010-01.xml
===================================================================
RCS file: /var/cvsroot/gentoo/xml/htdocs/security/en/glsa/glsa-201010-01.xml,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- glsa-201010-01.xml	21 Feb 2012 22:39:50 -0000	1.4
+++ glsa-201010-01.xml	30 Mar 2012 22:47:33 -0000	1.5
@@ -9,7 +9,7 @@
   </synopsis>
   <product type="ebuild">libpng</product>
   <announced>October 05, 2010</announced>
-  <revised>February 21, 2012: 4</revised>
+  <revised>March 30, 2012: 5</revised>
   <bug>307637</bug>
   <bug>324153</bug>
   <bug>335887</bug>
@@ -19,6 +19,7 @@
       <unaffected range="ge">1.4.3</unaffected>
       <unaffected range="rge">1.2.46</unaffected>
       <unaffected range="rge">1.2.47</unaffected>
+      <unaffected range="rge">1.2.49</unaffected>
       <vulnerable range="lt">1.4.3</vulnerable>
     </package>
   </affected>
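Review bot: the log message describes this change as "*>=1.2.49", but the added line is a third single-version range="rge" entry next to 1.2.46 and 1.2.47, and the previous revision existed only to add one such entry. If later 1.2 releases are meant to be covered as well, express that once instead of one entry per release; otherwise note in the log that each new 1.2.x version will need another revision of this advisory. Bug 410153 from the log is also not added to the <bug> list.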
@@ -82,6 +83,6 @@
     </uri>
   </references>
   <metadata timestamp="Fri, 07 Oct 2011 22:32:46 +0000" tag="requester">craig</metadata>
-  <metadata timestamp="Tue, 21 Feb 2012 22:38:07 +0000" tag="submitter">system</metadata>
-  <metadata timestamp="Tue, 21 Feb 2012 23:38:09 +0100" tag="bugReady">system</metadata>
+  <metadata timestamp="Fri, 30 Mar 2012 22:45:29 +0000" tag="submitter">system</metadata>
+  <metadata timestamp="Sat, 31 Mar 2012 00:45:31 +0200" tag="bugReady">system</metadata>
 </glsa>