A CVE has been assigned for an issue in libpng12: http://openwall.com/lists/oss-security/2015/12/11/1 It will be fixed in 1.2.56, which hasn't been released yet. Reproducible: Steps to Reproduce:
Updated packages uploaded for Mageia 5 and Cauldron. libpng12 can be tested using xv. Advisory: ======================== Updated libpng12 packages fix security vulnerability: There is a underflow read in png_check_keyword() in pngwutil.c in libpng 1.2.x before 1.2.56 (CVE-2015-8540). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8472 http://openwall.com/lists/oss-security/2015/12/11/1 ======================== Updated packages in core/updates_testing: ======================== libpng12_0-1.2.55-1.mga5 libpng12-devel-1.2.55-1.mga5 from libpng12-1.2.56-1.mga5.src.rpm
Assignee: bugsquad => qa-bugsWhiteboard: (none) => has_procedure
URL: (none) => http://lwn.net/Vulnerabilities/668545/
I updated to libpng12_0-1-2.56-1 Loaded png - save png loaded png - save bmp This is working as designed. [root@localhost brian]# urpmi libpng12_0 Package libpng12_0-1.2.56-1.mga5.i586 is already installed Linux localhost 4.1.13-desktop586-2.mga5 #1 SMP Wed Nov 11 00:50:24 UTC 2015 i686 i686 i686 GNU/Linux
CC: (none) => brtians1Whiteboard: has_procedure => has_procedure MGA5-32-OK
Keywords: (none) => validated_updateCC: (none) => sysadmin-bugs
Whiteboard: has_procedure MGA5-32-OK => has_procedure MGA5-32-OK advisory
An update for this issue has been pushed to Mageia Updates repository. http://advisories.mageia.org/MGASA-2015-0489.html
Status: NEW => RESOLVEDResolution: (none) => FIXED