I saw this announced early this morning on freecode.com, it is a buffer overflow vulnerability according to upstream. A fix has been issued and Funda has already built it for Mageia 1.

Advisory:
========================

Updated libpng packages fix security vulnerabilities:

All branches of libpng prior to versions 1.5.9, 1.4.9, 1.2.47, and 1.0.57, respectively, fail to correctly validate a heap allocation in png_decompress_chunk(), which can lead to a buffer-overrun and the possibility of execution of hostile code on 32-bit systems (CVE-2011-3026).

References:
http://www.libpng.org/pub/png/libpng.html
http://www.libpng.org/pub/png/src/libpng-1.2.47-README.txt
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3026
========================

Updated packages in core/updates_testing:
========================
libpng-devel-1.2.47-1.mga1
libpng-source-1.2.47-1.mga1
libpng-static-devel-1.2.47-1.mga1
libpng3-1.2.47-1.mga1

from libpng-1.2.47-1.mga1.src.rpm
CC: (none) => fundawang
Funda, please assign to QA if this is ready to go. Thanks.
Assignee: bugsquad => qa-bugs
Testing complete on i586 for the srpm
libpng-1.2.47-1.mga1.src.rpm

As usual for libpng, just testing that
xv somefile.png
works.
CC: (none) => davidwhodgins
Tested ok x86_64

Update validated.

Could sysadmin please push from core/updates_testing to core/updates

Advisory etc on comment 0

Thank you!
Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs
Hardware: i586 => All
update pushed
Status: NEW => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED
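
Added example, not part of this thread and not libpng's code: a sketch of the class of flaw the advisory in comment 0 describes, an allocation size that is not validated before the heap request, next to a checked form. It assumes the size is a prefix plus expanded data plus one terminator byte and that the failure is a wrap in 32-bit arithmetic; the names prefix_size, expanded_size, size32_t and both functions are hypothetical, and the values are constructed.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Models size_t on a 32-bit system so the wrap also shows on a 64-bit host. */
typedef uint32_t size32_t;

/* Weak form: prefix + expanded data + 1 terminator byte, no validation.
 * The sum is taken modulo 2^32, so a huge expanded size yields a tiny one. */
static size32_t alloc_size_unchecked(size32_t prefix_size, size32_t expanded_size)
{
    return prefix_size + expanded_size + 1u;
}

/* Hardened form: reject any input whose sum cannot be represented, and any
 * total above a caller-chosen cap (limit == 0 means no cap). */
static bool alloc_size_checked(size32_t prefix_size, size32_t expanded_size,
                               size32_t limit, size32_t *total)
{
    size32_t sum;

    if (prefix_size >= UINT32_MAX - 1u)
        return false;
    if (expanded_size >= UINT32_MAX - 1u - prefix_size)
        return false;
    sum = prefix_size + expanded_size + 1u;
    if (limit != 0 && sum > limit)
        return false;
    *total = sum;
    return true;
}

int main(void)
{
    /* Constructed values: a 16-byte prefix and a claimed expanded size
     * close to the 32-bit maximum. */
    size32_t prefix = 16u, claimed = 0xFFFFFFF0u, total = 0;
    bool ok;

    printf("unchecked size: %u bytes\n",
           (unsigned)alloc_size_unchecked(prefix, claimed));
    ok = alloc_size_checked(prefix, claimed, 0, &total);
    printf("checked accepts huge claim: %d\n", ok);
    ok = alloc_size_checked(prefix, 4096u, 8u << 20, &total);
    printf("checked accepts 4096 bytes: %d (total %u)\n", ok, (unsigned)total);
    return 0;
}
```

With the unchecked form the buffer would be far smaller than the data later written into it, which is why the update matters most on 32-bit installs such as the i586 packages tested above.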