Bug 3892

Summary: libglpng1 is older than version in MDV 2010.2
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact:
Severity: normal    
Priority: Normal CC: davidwhodgins, dmorganec, fundawang, sysadmin-bugs, tmb
Version: 1Keywords: validated_update
Target Milestone: ---   
Hardware: i586   
OS: Linux   
Whiteboard:
Source RPM: libglpng-1.45-4.mga1.src.rpm CVE:
Status comment:

Description David Walser 2011-12-27 02:24:52 CET 
The newest version available in 2010.2/main/updates is libglpng1-1.45-4.1mdv2010.1 so this package doesn't get upgraded when upgrading to Mageia 1.
Comment 1 David Walser 2011-12-27 02:32:26 CET 
This is due to a security patch that was added in the MDV package that was missed by Mageia.  It is also missing in the Cauldron version of this package.  The patch is available in Mandriva's SVN:

http://svn.mandriva.com/svn/packages/cooker/libglpng/current/SOURCES/libglpng-1.45-CVE-2010-1519.diff
David Walser 2011-12-27 02:43:26 CET

Component: RPM Packages => Security

Comment 2 Manuel Hiebel 2011-12-27 02:44:39 CET 
Hi, thanks for reporting this bug.
As there is no maintainer for this package I added the committers in CC.

(Please set the status to 'assigned' if you are working on it)

CC: (none) => dmorganec, fundawang

Comment 3 David Walser 2011-12-27 02:57:21 CET 
The security advisory is here:

http://lists.mandriva.com/security-announce/2010-09/msg00013.php
D Morgan 2011-12-28 03:35:13 CET

Assignee: bugsquad => dmorganec

D Morgan 2011-12-28 03:44:45 CET

Status: NEW => ASSIGNED

Comment 4 D Morgan 2011-12-28 03:51:34 CET 
done and pushed in the BS

Assignee: dmorganec => qa-bugs

Comment 5 Dave Hodgins 2011-12-29 01:24:01 CET 
Testing complete on i586 for the srpm
libglpng-1.45-5.2.mga1.src.rpm

No poc for the cve, so just testing that it works.
According to urpmq --whatrequires libglpng1
the only package using this library is chromium.
The game chromium-bsu works, so testing complete.

CC: (none) => davidwhodgins

Comment 6 David Walser 2011-12-29 01:29:13 CET 
I can second Dave Hodgins' report that it works on i586 by playing chromium-bsu.
Comment 7 Manuel Hiebel 2011-12-31 18:26:07 CET 
Testing complete on x86_64

Advisory
-------------
This update addresses the folloving CVE:

- CVE-2010-1519 
Multiple integer overflows in glpng.c in glpng 1.45 allow context-dependent attackers to execute arbitrary code via a crafted PNG image, related to (1) the pngLoadRawF function and (2) the pngLoadF function, leading to heap-based buffer overflows. 
-------------


SRPM: 	libglpng-1.45-5.2.mga1.src.rpm

Could sysadmin please push from core/updates_testing to core/updates

Thankyou!

Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs

Comment 8 Thomas Backlund 2011-12-31 23:10:34 CET 
Update pushed.

Status: ASSIGNED => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED