Bug 22884

Summary: optipng update (security)
Product: Mageia
Reporter: Morgan Leijström <fri>
Component: RPM Packages
Assignee: Mageia Bug Squad <bugsquad>
Status: RESOLVED DUPLICATE
QA Contact:
Severity: normal
Priority: Normal
Version: 6
Target Milestone: ---
Hardware: All
OS: Linux
URL: http://optipng.sourceforge.net/
Whiteboard:
Source RPM: optipng-0.7.6-1.1.mga6.src.rpm
CVE:
Status comment:

Description Morgan Leijström 2018-04-09 11:22:09 CEST
Two security issues exist in version 0.7.6, according to http://optipng.sourceforge.net/ :

"
You are strongly encouraged to upgrade to the latest version 0.7.7.
Here is a list of security-sensitive issues that affect the previous versions:

Joonun Jang reported a buffer overflow vulnerability in the GIF decoder, discovered by a fuzzer developed by the SoftSec group at KAIST. All versions prior to 0.7.7 that support GIF files (i.e. from version 0.5 to version 0.7.6) are affected.

Jaeseung Choi reported an integer overflow vulnerability in the TIFF decoder. All versions prior to 0.7.7 that support TIFF files (i.e. from version 0.5.3 to version 0.7.6) are affected.
"
Comment 1 David Walser 2018-04-09 22:44:15 CEST
Already fixed in Bug 22099.

*** This bug has been marked as a duplicate of bug 22099 ***

Status: NEW => RESOLVED
Resolution: (none) => DUPLICATE

Comment 2 Morgan Leijström 2018-04-09 22:54:01 CEST
Ah, thanks. I did not understand it was that fix.