Bug 22884 - optipng update (security)
Summary: optipng update (security)
Status: RESOLVED DUPLICATE of bug 22099
Alias: None
Product: Mageia
Classification: Unclassified
Component: RPM Packages
Version: 6
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: Mageia Bug Squad
QA Contact:
URL: http://optipng.sourceforge.net/
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2018-04-09 11:22 CEST by Morgan Leijström
Modified: 2018-04-09 22:54 CEST
0 users

See Also:
Source RPM: optipng-0.7.6-1.1.mga6.src.rpm
CVE:
Status comment:


Attachments

Description Morgan Leijström 2018-04-09 11:22:09 CEST
Two security issues exist in version 0.7.6, according to http://optipng.sourceforge.net/ :

"
You are strongly encouraged to upgrade to the latest version 0.7.7.
Here is a list of security-sensitive issues that affect the previous versions:

Joonun Jang reported a buffer overflow vulnerability in the GIF decoder, discovered by a fuzzer developed by the SoftSec group at KAIST. All versions prior to 0.7.7 that support GIF files (i.e. from version 0.5 to version 0.7.6) are affected.

Jaeseung Choi reported an integer overflow vulnerability in the TIFF decoder. All versions prior to 0.7.7 that support TIFF files (i.e. from version 0.5.3 to version 0.7.6) are affected.
 "
Comment 1 David Walser 2018-04-09 22:44:15 CEST
Already fixed in Bug 22099.

*** This bug has been marked as a duplicate of bug 22099 ***

Status: NEW => RESOLVED
Resolution: (none) => DUPLICATE

Comment 2 Morgan Leijström 2018-04-09 22:54:01 CEST
Ah, thanks. I did not understand it was that fix.
