30467 – libpng12 possible new security issues CVE-2017-12652, CVE-2018-14048

Bug 30467 - libpng12 possible new security issues CVE-2017-12652, CVE-2018-14048

Summary: libpng12 possible new security issues CVE-2017-12652, CVE-2018-14048

Status:	NEW

Alias:	None

Product:	Mageia
Classification:	Unclassified
Component:	Security (show other bugs)
Version:	Cauldron
Hardware:	All Linux

Priority:	Normal Severity: normal
Target Milestone:	---
Assignee:	Rémi Verschelde
QA Contact:	Sec team

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2022-05-23 19:02 CEST by David Walser
Modified:	2022-05-23 21:44 CEST (History)
CC List:	0 users

See Also:
Source RPM:	libpng12-1.2.59-3.mga9.src.rpm
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description David Walser 2022-05-23 19:02:28 CEST

Ubuntu has issued an advisory today (May 23):
https://ubuntu.com/security/notices/USN-5432-1

The issues are fixed in libpng 1.6.37, so that package is fine.

The libpng12 package may be affected, which Ubuntu fixed in xenial in 1.2.54-1ubuntu1.1+esm1 (but their patches may not be public since it's esm).

Comment 1 Lewis Smith 2022-05-23 21:44:01 CEST

libpng is registered with akien, so assigning this to you. Although you have not touched it for years (committed the current version in 2018), neither has anybody else: it has been 'quiet'.

Assignee: bugsquad => rverschelde

Note You need to log in before you can comment on or make changes to this bug.