Mandriva issued this advisory today (March 21):
http://www.mandriva.com/en/support/security/advisories/?dis=2010.1&name=MDVSA-2012:033

It looks like only libpng 1.2 is affected. Cauldron should be affected as well. We can patch it or update to 1.2.48.
Assignee: bugsquad => fundawang
Blocks: (none) => 5046
New version of package (libpng 1.2.48) pushed in core/updates_testing. Please test.
Status: NEW => ASSIGNED
Assignee: fundawang => qa-bugs
Blocks: 5046 => (none)
Advisory:
========================

Updated libpng packages fix security vulnerability:

A heap-based buffer overflow flaw was found in the way libpng processed compressed chunks in PNG image files. An attacker could create a specially-crafted PNG image file that, when opened, could cause an application using libpng to crash or, possibly, execute arbitrary code with the privileges of the user running the application (CVE-2011-3045).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3045
https://bugzilla.redhat.com/show_bug.cgi?id=799000
http://www.mandriva.com/en/support/security/advisories/?dis=2010.1&name=MDVSA-2012:033
========================

Updated packages in core/updates_testing:
========================
libpng-devel-1.2.48-1.mga1
libpng-source-1.2.48-1.mga1
libpng-static-devel-1.2.48-1.mga1
libpng3-1.2.48-1.mga1

from libpng-1.2.48-1.mga1.src.rpm
Test OK x86_64 with xv some.png
Tested OK i586, same procedure.

Validating.

Advisory and SRPM in comment 2.

Could sysadmin please push from core/updates_testing to core/updates?

Thank you!
Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs
Hardware: i586 => All
Update pushed.
Status: ASSIGNED => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED