Bug 30467

Summary: libpng12 possible new security issues CVE-2017-12652, CVE-2018-14048
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: RĂ©mi Verschelde <rverschelde>
Status: NEW --- QA Contact: Sec team <security>
Severity: normal    
Priority: Normal    
Version: Cauldron   
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Source RPM: libpng12-1.2.59-3.mga9.src.rpm CVE:
Status comment:

Description David Walser 2022-05-23 19:02:28 CEST 
Ubuntu has issued an advisory today (May 23):
https://ubuntu.com/security/notices/USN-5432-1

The issues are fixed in libpng 1.6.37, so that package is fine.

The libpng12 package may be affected, which Ubuntu fixed in xenial in 1.2.54-1ubuntu1.1+esm1 (but their patches may not be public since it's esm).
Comment 1 Lewis Smith 2022-05-23 21:44:01 CEST 
libpng is registered with akien, so assigning this to you. Although you have not touched it for years (committed the current version in 2018), neither has anybody else: it has been 'quiet'.

Assignee: bugsquad => rverschelde