Bug 32043 - pngcheck new security issues CVE-2020-27818 and CVE-2020-35511
Status: RESOLVED INVALID
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 8
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: Barry Jackson
QA Contact: Sec team
 
Reported: 2023-06-22 20:59 CEST by David Walser
Modified: 2023-06-27 14:07 CEST

Source RPM: pngcheck-3.0.3-2.mga9.src.rpm

Description David Walser 2023-06-22 20:59:14 CEST
Ubuntu has issued an advisory on June 21:
https://ubuntu.com/security/notices/USN-6182-1

Mageia 8 is also affected.
David Walser 2023-06-22 20:59:24 CEST

Whiteboard: (none) => MGA8TOO

Comment 1 Lewis Smith 2023-06-22 21:10:57 CEST
BarryJ is the registered maintainer for this, and committed v3.0.3 (last activity on it) - albeit 2y ago! Assigning correspondingly.

Assignee: bugsquad => zen25000

Comment 2 Nicolas Lécureuil 2023-06-27 00:34:07 CEST
CVE-2020-35511 seems fixed in version 3.0.3

CC: (none) => mageia

Comment 3 Nicolas Lécureuil 2023-06-27 00:42:59 CEST
After looking at the code, bug CVE-2020-27818 is already in version 3.0.3.

Whiteboard: MGA8TOO => (none)
Version: Cauldron => 8

Comment 4 Barry Jackson 2023-06-27 12:23:14 CEST
Yes, seems like the advisory was only to warn users to update to 3.0.3 which we have.

Closing as invalid then.

Status: NEW => RESOLVED
Resolution: (none) => INVALID

Comment 5 David Walser 2023-06-27 14:07:49 CEST
Indeed, these were fixed in Bug 27658 and Bug 27922.  Not sure how I missed that.
