Debian Bug report logs - #505399
SA32651: OptiPNG BMP Reader Buffer Overflow Vulnerability

version graph

Package: optipng; Maintainer for optipng is Nelson A. de Oliveira <naoliv@debian.org>; Source for optipng is src:optipng.

Reported by: Raphael Geissert <atomo64@gmail.com>

Date: Wed, 12 Nov 2008 03:06:01 UTC

Severity: grave

Tags: security

Found in version optipng/0.6-1

Fixed in versions 0.6.2-1, optipng/0.6.1.1-1

Done: naoliv@debian.org (Nelson A. de Oliveira)

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, naoliv@debian.org (Nelson A. de Oliveira):
Bug#505399; Package optipng. (Wed, 12 Nov 2008 03:06:03 GMT) Full text and rfc822 format available.

Message #3 received at submit@bugs.debian.org (full text, mbox):

From: Raphael Geissert <atomo64@gmail.com>
To: submit@bugs.debian.org
Subject: SA32651: OptiPNG BMP Reader Buffer Overflow Vulnerability
Date: Tue, 11 Nov 2008 21:02:34 -0600
[Message part 1 (text/plain, inline)]
Package: optipng
Severity: grave
Tags: security

Hi,

The following SA (Secunia Advisory) id was published for Nagios.

SA32651[1]:
> A vulnerability has been reported in OptiPNG, which potentially can be
> exploited by malicious people to compromise a user's system.
>
> The vulnerability is caused due to a boundary error in the BMP reader and
> can be exploited to cause a buffer overflow by tricking a user into
> processing a specially crafted file.
>
> Successful exploitation may allow execution of arbitrary code.
>
> The vulnerability is reported in versions prior to 0.6.2.

If you fix the vulnerability please also make sure to include the SA id (or 
the CVE id when one is assigned) in the changelog entry.

[1]http://secunia.com/Advisories/32651/

Cheers,
-- 
Raphael Geissert - Debian Maintainer
www.debian.org - get.debian.net
[signature.asc (application/pgp-signature, inline)]

Bug marked as fixed in version 0.6.2-1. Request was from Nelson A. de Oliveira <naoliv@debian.org> to control@bugs.debian.org. (Wed, 12 Nov 2008 03:57:04 GMT) Full text and rfc822 format available.

Bug marked as found in version 0.6-1. Request was from Nelson A. de Oliveira <naoliv@debian.org> to control@bugs.debian.org. (Wed, 12 Nov 2008 11:09:09 GMT) Full text and rfc822 format available.

Reply sent to naoliv@debian.org (Nelson A. de Oliveira):
You have taken responsibility. (Wed, 12 Nov 2008 22:25:15 GMT) Full text and rfc822 format available.

Notification sent to Raphael Geissert <atomo64@gmail.com>:
Bug acknowledged by developer. (Wed, 12 Nov 2008 22:25:15 GMT) Full text and rfc822 format available.

Message #12 received at 505399-close@bugs.debian.org (full text, mbox):

From: naoliv@debian.org (Nelson A. de Oliveira)
To: 505399-close@bugs.debian.org
Subject: Bug#505399: fixed in optipng 0.6.1.1-1
Date: Wed, 12 Nov 2008 21:47:06 +0000
Source: optipng
Source-Version: 0.6.1.1-1

We believe that the bug you reported is fixed in the latest version of
optipng, which is due to be installed in the Debian FTP archive:

optipng_0.6.1.1-1.diff.gz
  to pool/main/o/optipng/optipng_0.6.1.1-1.diff.gz
optipng_0.6.1.1-1.dsc
  to pool/main/o/optipng/optipng_0.6.1.1-1.dsc
optipng_0.6.1.1-1_i386.deb
  to pool/main/o/optipng/optipng_0.6.1.1-1_i386.deb
optipng_0.6.1.1.orig.tar.gz
  to pool/main/o/optipng/optipng_0.6.1.1.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 505399@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Nelson A. de Oliveira <naoliv@debian.org> (supplier of updated optipng package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Wed, 12 Nov 2008 08:40:50 -0200
Source: optipng
Binary: optipng
Architecture: source i386
Version: 0.6.1.1-1
Distribution: unstable
Urgency: high
Maintainer: Nelson A. de Oliveira <naoliv@debian.org>
Changed-By: Nelson A. de Oliveira <naoliv@debian.org>
Description: 
 optipng    - advanced PNG (Portable Network Graphics) optimizer
Closes: 505399
Changes: 
 optipng (0.6.1.1-1) unstable; urgency=high
 .
   * New upstream release (kindly provided by Cosmin TruĊ£a, fixing only
     the security issue found in version 0.6.1):
     - fix array overflow in the BMP reader (Closes: #505399). This is Secunia
       Advisory SA32651.
   * Fix broken link /usr/share/doc/optipng/changelog.gz.
Checksums-Sha1: 
 09739b6ffc981f08d04479994551831003303854 1037 optipng_0.6.1.1-1.dsc
 e70d6ac0400dd41fc71d7125e70f75efa0be10bc 108428 optipng_0.6.1.1.orig.tar.gz
 ed7129cfee439b7426dfc26431584867850f9e16 3275 optipng_0.6.1.1-1.diff.gz
 a2114ab433bcf221117de362c6f95ff1c3ea3a99 76276 optipng_0.6.1.1-1_i386.deb
Checksums-Sha256: 
 31debcb91d7372fbae9ffbb92680cf1c1cceb991238afa10f1e855b311d88a73 1037 optipng_0.6.1.1-1.dsc
 ac837556fb617c9e2a570b8b968b505d07ebc1bee46e5314156add922b53b1fa 108428 optipng_0.6.1.1.orig.tar.gz
 0c6c8195fa770ac7e5f668266e542f0027966026e0451ff6a6234c2f2a980eb0 3275 optipng_0.6.1.1-1.diff.gz
 4e78f56268dfcbb59647ded41bdeec2c3293889988c0042772af01cb6596d4aa 76276 optipng_0.6.1.1-1_i386.deb
Files: 
 3cad0afd4e9b96662707756077071e1b 1037 graphics optional optipng_0.6.1.1-1.dsc
 92b94f3c19452ad73efd4a728196e087 108428 graphics optional optipng_0.6.1.1.orig.tar.gz
 ec35eb332fbda2027e50e3286bec7c0e 3275 graphics optional optipng_0.6.1.1-1.diff.gz
 efccdded681fdf6616dabb6e00f4524c 76276 graphics optional optipng_0.6.1.1-1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkkbTQoACgkQAQwuptkwlkQO6wCdFgTa3hDy/znW0aECFtF36Wls
4X0AoITf8u7h9YSBH5f0KqzowqQLBS3v
=iOmN
-----END PGP SIGNATURE-----





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Tue, 16 Dec 2008 07:29:25 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Fri Apr 25 06:50:38 2014; Machine Name: buxtehude.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.