Debian Bug report logs - #446308
CVE-2007-5269 remote denial of service via crafted png image files


Package: libpng; Maintainer for libpng is Anibal Monsalve Salazar <anibal@debian.org>;

Reported by: Nico Golde <nion@debian.org>

Date: Thu, 11 Oct 2007 22:06:02 UTC

Severity: important

Tags: patch, security

Fixed in version libpng/1.2.15~beta5-3

Done: Anibal Monsalve Salazar <anibal@debian.org>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, Anibal Monsalve Salazar <anibal@debian.org>:
Bug#446308; Package libpng.

Acknowledgement sent to Nico Golde <nion@debian.org>:
New Bug report received and forwarded. Copy sent to Anibal Monsalve Salazar <anibal@debian.org>.

Message #5 received at submit@bugs.debian.org:

From: Nico Golde <nion@debian.org>
To: submit@bugs.debian.org
Subject: CVE-2007-5269 remote denial of service via crafted png image files
Date: Fri, 12 Oct 2007 00:04:32 +0200
Package: libpng
Severity: important
Tags: security

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for libpng.

CVE-2007-5269[0]:
| Certain chunk handlers in libpng before 1.0.29 and 1.2.x before 1.2.21
| allow remote attackers to cause a denial of service (crash) via
| crafted (1) pCAL (png_handle_pCAL), (2) sCAL (png_handle_sCAL), (3)
| tEXt (png_push_read_tEXt), (4) iTXt (png_handle_iTXt), and (5) ztXT
| (png_handle_ztXt) chunking in PNG images, which trigger out-of-bounds
| read operations.

If you fix this vulnerability please also include the CVE id
in your changelog entry.

For further information:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5269

Kind regards
Nico

-- 
Nico Golde - http://ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.

Information forwarded to debian-bugs-dist@lists.debian.org, Anibal Monsalve Salazar <anibal@debian.org>:
Bug#446308; Package libpng.

Acknowledgement sent to Nico Golde <nion@debian.org>:
Extra info received and forwarded to list. Copy sent to Anibal Monsalve Salazar <anibal@debian.org>.

Message #10 received at 446308@bugs.debian.org:

From: Nico Golde <nion@debian.org>
To: 446308@bugs.debian.org
Subject: Re: CVE-2007-5269 remote denial of service via crafted png image files
Date: Sun, 14 Oct 2007 01:42:01 +0200
Hi Anibal!
attached is a patch I backported from the new upstream 
release, prepared for an NMU to fix these issues.
Feel free to just use the patch itself if you have the time 
to upload yourself.
It will also be archived on:
http://people.debian.org/~nion/nmu-diff/libpng-1.2.15~beta5-2_1.2.15~beta5-2.1.patch

Kind regards
Nico
-- 
Nico Golde - http://ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
[libpng-1.2.15~beta5-2_1.2.15~beta5-2.1.patch (text/x-diff, attachment)]

Tags added: patch Request was from Nico Golde <nion@debian.org> to control@bugs.debian.org. (Sat, 13 Oct 2007 23:42:02 GMT)

Reply sent to Anibal Monsalve Salazar <anibal@debian.org>:
You have taken responsibility.

Notification sent to Nico Golde <nion@debian.org>:
Bug acknowledged by developer.

Message #17 received at 446308-close@bugs.debian.org:

From: Anibal Monsalve Salazar <anibal@debian.org>
To: 446308-close@bugs.debian.org
Subject: Bug#446308: fixed in libpng 1.2.15~beta5-3
Date: Sun, 14 Oct 2007 00:32:03 +0000
Source: libpng
Source-Version: 1.2.15~beta5-3

We believe that the bug you reported is fixed in the latest version of
libpng, which is due to be installed in the Debian FTP archive:

libpng12-0-udeb_1.2.15~beta5-3_i386.udeb
  to pool/main/libp/libpng/libpng12-0-udeb_1.2.15~beta5-3_i386.udeb
libpng12-0_1.2.15~beta5-3_i386.deb
  to pool/main/libp/libpng/libpng12-0_1.2.15~beta5-3_i386.deb
libpng12-dev_1.2.15~beta5-3_i386.deb
  to pool/main/libp/libpng/libpng12-dev_1.2.15~beta5-3_i386.deb
libpng3_1.2.15~beta5-3_all.deb
  to pool/main/libp/libpng/libpng3_1.2.15~beta5-3_all.deb
libpng_1.2.15~beta5-3.diff.gz
  to pool/main/libp/libpng/libpng_1.2.15~beta5-3.diff.gz
libpng_1.2.15~beta5-3.dsc
  to pool/main/libp/libpng/libpng_1.2.15~beta5-3.dsc



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 446308@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Anibal Monsalve Salazar <anibal@debian.org> (supplier of updated libpng package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Sun, 14 Oct 2007 09:55:00 +1000
Source: libpng
Binary: libpng12-dev libpng12-0 libpng12-0-udeb libpng3
Architecture: source i386 all
Version: 1.2.15~beta5-3
Distribution: unstable
Urgency: high
Maintainer: Anibal Monsalve Salazar <anibal@debian.org>
Changed-By: Anibal Monsalve Salazar <anibal@debian.org>
Description: 
 libpng12-0 - PNG library - runtime
 libpng12-0-udeb - PNG library - minimal runtime library (udeb)
 libpng12-dev - PNG library - development
 libpng3    - PNG library - runtime
Closes: 446308
Changes: 
 libpng (1.2.15~beta5-3) unstable; urgency=high
 .
   * ACKed NMU.
   * Fixed out-of-bounds read operations triggered by crafted
     png image files (CVE-2007-5269) (Closes: #446308).
 .
 libpng (1.2.15~beta5-2.1) unstable; urgency=high
 .
   * Non-maintainer upload by testing security team.
   * Fixed out-of-bounds read operations triggered by crafted
     png image files (CVE-2007-5269) (Closes: #446308).
Files: 
 467c866f7c70032c27f7733962e590e6 721 libs optional libpng_1.2.15~beta5-3.dsc
 ca2da3da0f5b8ccd63298e3e67f5676b 16114 libs optional libpng_1.2.15~beta5-3.diff.gz
 e20f3ea74149e35988bc19c30167e0f5 187344 libs optional libpng12-0_1.2.15~beta5-3_i386.deb
 4a5842ec72e8259762e83984d9623dc8 170632 libdevel optional libpng12-dev_1.2.15~beta5-3_i386.deb
 8449e3ddc6b857237dd88cb4eb531b8d 888 oldlibs optional libpng3_1.2.15~beta5-3_all.deb
 7b3cceca702dc7deb966d3aba5d46800 68222 debian-installer extra libpng12-0-udeb_1.2.15~beta5-3_i386.udeb
Package-Type: udeb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFHEWEegY5NIXPNpFURAiZlAJwMIlLn6F1cf6KR3Qf1tX0xVfDI3ACePKIv
qQcLCvQZUOMz7Baqv7sRLHw=
=2cqS
-----END PGP SIGNATURE-----





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Fri, 16 Nov 2007 07:25:44 GMT)



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sat Apr 19 06:59:51 2014; Machine Name: beach.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.