Bug 32043

Summary: pngcheck new security issues CVE-2020-27818 and CVE-2020-35511
Product: Mageia Reporter: David Walser <luigiwalser>
Component: Security Assignee: Barry Jackson <zen25000>
Status: RESOLVED INVALID QA Contact: Sec team <security>
Severity: normal    
Priority: Normal CC: mageia
Version: 8   
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Source RPM: pngcheck-3.0.3-2.mga9.src.rpm CVE:
Status comment:

Description David Walser 2023-06-22 20:59:14 CEST
Ubuntu has issued an advisory on June 21:
https://ubuntu.com/security/notices/USN-6182-1

Mageia 8 is also affected.
David Walser 2023-06-22 20:59:24 CEST

Whiteboard: (none) => MGA8TOO

Comment 1 Lewis Smith 2023-06-22 21:10:57 CEST
BarryJ is the registered maintainer for this, and committed v3.0.3 (last activity on it) - albeit 2y ago! Assigning correspondingly.

Assignee: bugsquad => zen25000

Comment 2 Nicolas Lécureuil 2023-06-27 00:34:07 CEST
CVE-2020-35511 seems fixed in version 3.0.3.

CC: (none) => mageia

Comment 3 Nicolas Lécureuil 2023-06-27 00:42:59 CEST
After looking at the code, bug CVE-2020-27818 is already in version 3.0.3.

Whiteboard: MGA8TOO => (none)
Version: Cauldron => 8

Comment 4 Barry Jackson 2023-06-27 12:23:14 CEST
Yes, seems like the advisory was only to warn users to update to 3.0.3 which we have.

Closing as invalid then.

Status: NEW => RESOLVED
Resolution: (none) => INVALID

Comment 5 David Walser 2023-06-27 14:07:49 CEST
Indeed, these were fixed in Bug 27658 and Bug 27922.  Not sure how I missed that.