Mandriva issued this advisory on January 14: http://lists.mandriva.com/security-announce/2011-01/msg00011.php
Hi, thanks for reporting this bug. As there is no maintainer for this package I added the committers in CC. (Please set the status to 'assigned' if you are working on it)
CC: (none) => cazzaniga.sandro, fundawang
just pushed on the BS
CC: (none) => dmorganecAssignee: bugsquad => qa-bugs
Works for me on i586.
Tested complete srpm gif2png-2.5.2-3.1.mga1.src.rpm on Mageia release 1 (Official) for x86_64. Works for me too.
CC: (none) => geiger.david68210
Validating Advisory: ======================== Updated gif2png package fixes security vulnerabilities: Stack-based buffer overflow in gif2png.c in gif2png 2.5.3 and earlier might allow context-dependent attackers to execute arbitrary code via a long command-line argument, as demonstrated by a CGI program that launches gif2png (CVE-2009-5018). Buffer overflow in gif2png.c in gif2png 2.5.3 and earlier might allow context-dependent attackers to cause a denial of service (application crash) or have unspecified other impact via a GIF file that contains many images, leading to long extensions such as .p100 for PNG output files, as demonstrated by a CGI program that launches gif2png, a different vulnerability than CVE-2009-5018 (CVE-2010-4694). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-5018 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4694 http://www.mandriva.com/en/support/security/advisories/?dis=2010.1&name=MDVSA-2011:009 ======================== Updated package in core/updates_testing: ======================== gif2png-2.5.2-3.1.mga1 from gif2png-2.5.2-3.1.mga1.src.rpm ======================== Could sysadmin please push from core/updates_testing to core/updates Thank you!
Keywords: (none) => validated_updateCC: (none) => sysadmin-bugsHardware: i586 => All
update pushed
Status: NEW => RESOLVEDCC: (none) => tmbResolution: (none) => FIXED