Bug 19170 - libpng minor bugs fixed in 1.6.25
Summary: libpng minor bugs fixed in 1.6.25
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: RPM Packages (show other bugs)
Version: 5
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact:
URL:
Whiteboard: MGA5-64-OK advisory
Keywords: validated_update
Depends on:
Blocks: 19441
  Show dependency treegraph
 
Reported: 2016-08-10 20:03 CEST by David Walser
Modified: 2016-09-28 08:00 CEST (History)
5 users (show)

See Also:
Source RPM: libpng-1.6.22-1.mga6.src.rpm
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description David Walser 2016-08-10 20:03:25 CEST 
Version 1.6.24 has been released on August 4:
https://sourceforge.net/p/png-mng/mailman/message/35259826/

It sounds like the security issues only would impact some applications that use the APIs a certain way.

We should update this when the apng patch for 1.6.24 is available.

There was also a bugfix release 1.6.23:
https://sourceforge.net/p/png-mng/mailman/message/35147763/
Marja Van Waes 2016-08-10 22:12:38 CEST

CC: (none) => marja11, pkg-bugs
Assignee: bugsquad => fundawang

Comment 1 David Walser 2016-09-23 22:02:27 CEST 
Updated packages uploaded for Mageia 5 and Cauldron.

I'll update it again to 1.6.25:
https://sourceforge.net/p/png-mng/mailman/message/35324586/

(feedback tag pending update to 1.6.25)

Advisory:
----------------------------------------

The libpng package has been updated to version 1.6.25 to fix various bugs. See
the release announcements for details.

References:
https://sourceforge.net/p/png-mng/mailman/message/35147763/
https://sourceforge.net/p/png-mng/mailman/message/35259826/
https://sourceforge.net/p/png-mng/mailman/message/35324586/
----------------------------------------

Updated packages in core/updates_testing:
----------------------------------------
libpng16_16-1.6.25-1.mga5
libpng-devel-1.6.25-1.mga5

from libpng-1.6.25-1.mga5.src.rpm

Version: Cauldron => 5
Blocks: (none) => 19441
Assignee: fundawang => qa-bugs
Whiteboard: (none) => feedback

Comment 2 David Walser 2016-09-23 22:03:32 CEST 
Changing this to a bugfix update.  The main libpng website doesn't list these as security updates, so I guess the bugs were just in the example programs and not the library.

Component: Security => RPM Packages
Summary: libpng minor security issues fixed in 1.6.24 => libpng minor bugs fixed in 1.6.25
QA Contact: security => (none)

Comment 3 David Walser 2016-09-23 23:43:26 CEST 
Update to 1.6.25 is now available.

Whiteboard: feedback => (none)

Comment 4 Len Lawrence 2016-09-25 19:47:28 CEST 
Testing this for x86_64

Updated the libraries from Core Updates Testing.

urpmq shows that the library is required by no less than 329 packages.
Used ImageMagick and gif2png to manipulate a selection of images.
display *.png
gif2png any.gif, display any.png
Converted formats SVG, JPEG, XPM, ICO to PNG and all resultant PNG images displayed correctly.
Converted a variety of PNG images to JPEG, XPM, SVG and GIF. 
Conversion to TIFF does not work but that may never have been supported; TIFF images contain far more information than other formats - the format was designed for high resolution content.

This update is OK.

CC: (none) => tarazed25

Len Lawrence 2016-09-25 19:48:06 CEST

Whiteboard: (none) => MGA5-64-OK

Dave Hodgins 2016-09-28 04:33:51 CEST

Keywords: (none) => validated_update
Whiteboard: MGA5-64-OK => MGA5-64-OK advisory
CC: (none) => davidwhodgins, sysadmin-bugs

Comment 5 Mageia Robot 2016-09-28 08:00:06 CEST 
An update for this issue has been pushed to the Mageia Updates repository.

http://advisories.mageia.org/MGAA-2016-0115.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED
Note You need to log in before you can comment on or make changes to this bug.