Fedora has issued an advisory today (February 9):
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/XTD56567QSWLCTKBJNTCF6HB5GLJZCHX/
Mageia 7 is also affected.
Status comment: (none) => Patches available from Fedora
Whiteboard: (none) => MGA7TOO
Whiteboard: MGA7TOO => MGA8TOO, MGA7TOO
Hi, thanks for reporting this. Assigned to the package maintainer. (Please set the status to 'assigned' if you are working on it)
Keywords: (none) => Triaged
Assignee: bugsquad => zen25000
CC: (none) => ouaurelien
pngcheck-3.0.2-1.mga8 has been pushed to 8/core/updates_testing
#####################
Advisory
This update fixes a buffer-overrun bug related to the MNG LOOP chunk (which gets noticed even in PNG files if the -s option is used). This bug is fixed in version 3.0.2, released on 31 January 2021.
#####################
References
Fedora issued an advisory on February 9:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/XTD56567QSWLCTKBJNTCF6HB5GLJZCHX/
####################
Files affected
pngcheck-3.0.2-1.mga8.i586
pngcheck-debuginfo-3.0.2-1.mga8.i586
pngcheck-debugsource-3.0.2-1.mga8.i586
pngcheck-3.0.2-1.mga8.x86_64
pngcheck-debuginfo-3.0.2-1.mga8.x86_64
pngcheck-debugsource-3.0.2-1.mga8.x86_64
Provided by: pngcheck-3.0.2-1.mga8.src.rpm
####################
Testing
A set of good and faulty .png files is available here:
http://www.schaik.com/pngsuite/PngSuite-2017jul19.tgz
(Extract to a new folder, there are a lot!)
pngcheck-3.0.2-1.mga7 has been pushed to 7/core/updates_testing
#####################
Advisory
This update fixes a buffer-overrun bug related to the MNG LOOP chunk (which gets noticed even in PNG files if the -s option is used). This bug is fixed in version 3.0.2, released on 31 January 2021.
#####################
References
Fedora issued an advisory on February 9:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/XTD56567QSWLCTKBJNTCF6HB5GLJZCHX/
####################
Files affected
pngcheck-3.0.2-1.mga7.i586
pngcheck-debuginfo-3.0.2-1.mga7.i586
pngcheck-debugsource-3.0.2-1.mga7.i586
pngcheck-3.0.2-1.mga7.x86_64
pngcheck-debuginfo-3.0.2-1.mga7.x86_64
pngcheck-debugsource-3.0.2-1.mga7.x86_64
Provided by: pngcheck-3.0.2-1.mga7.src.rpm
####################
Testing
A set of good and faulty .png files is available here:
http://www.schaik.com/pngsuite/PngSuite-2017jul19.tgz
(Extract to a new folder, there are a lot!)
Assignee: zen25000 => qa-bugs
Unless you can convince someone to push this into mga8 core/release, it'll have to wait until we've branched.
Status comment: Patches available from Fedora => Patched in SVN
Assignee: qa-bugs => zen25000
pushed in mga8 src: pngcheck-3.0.2-1.mga8
CC: (none) => mageia
Assignee: zen25000 => qa-bugs
Status comment: Patched in SVN => (none)
Whiteboard: MGA8TOO, MGA7TOO => MGA7TOO
Version: Cauldron => 8
MGA8
The following package is going to be installed:
- pngcheck-3.0.2-1.mga8.x86_64
---
$ pngcheck -t dolley.png
$ pngcheck -v dolley.png
no errors - still working
CC: (none) => brtians1
Whiteboard: MGA7TOO => MGA7TOO MGA8-64-OK
Installed and tested without issues.
Tested using find on many png files. No issues noticed.
$ find ~/ -ipath '*.png' -exec pngcheck -cq '{}' '+'
System: Mageia 7, x86_64, Intel CPU.
$ uname -a
Linux marte 5.10.19-desktop-1.mga7 #1 SMP Fri Feb 26 23:48:09 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
$ rpm -q pngcheck
pngcheck-3.0.2-1.mga7
CC: (none) => mageia
Whiteboard: MGA7TOO MGA8-64-OK => MGA7TOO MGA8-64-OK MGA7-64-OK
Validating. Advisory pushed to SVN.
Advisory:
========================
Updated pngcheck packages fix security vulnerabilities
This update fixes a buffer-overrun bug related to the MNG LOOP chunk (which gets noticed even in PNG files if the -s option is used). It also fixes a buffer overrun for certain invalid MNG PPLT chunk contents.
References
- https://bugs.mageia.org/show_bug.cgi?id=28331
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/XTD56567QSWLCTKBJNTCF6HB5GLJZCHX
========================
Updated packages in core/updates_testing:
========================
pngcheck-3.0.2-1.mga7
pngcheck-debuginfo-3.0.2-1.mga7
pngcheck-debugsource-3.0.2-1.mga7
pngcheck-3.0.2-1.mga8
pngcheck-debuginfo-3.0.2-1.mga8
pngcheck-debugsource-3.0.2-1.mga8
from SRPMS
pngcheck-3.0.2-1.mga7.src.rpm
pngcheck-3.0.2-1.mga8.src.rpm
Keywords: Triaged => advisory, validated_update
CC: (none) => sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2021-0115.html
Status: NEW => RESOLVED
Resolution: (none) => FIXED