Bug 445487

Summary: libpng is subject to CVE-2008-1382 advisory
Product: [Fedora] Fedora
Reporter: Michal Jaegermann <michal>
Component: libpng
Assignee: Tom Lane <tgl>
Status: CLOSED DUPLICATE
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: low
Priority: low
Version: 8
CC: hhorak
Target Milestone: ---
Target Release: ---
Hardware: All
OS: Linux
URL: http://libpng.sourceforge.net/Advisory-1.2.26.txt
Doc Type: Bug Fix
Last Closed: 2008-05-07 04:58:25 UTC

Description Michal Jaegermann 2008-05-07 04:49:45 UTC
Description of problem:

Quote: "Tavis Ormandy advised us of a bug in libpng in its handling
of unknown chunks with zero data length. We have examined the report
and find that the bug exists in all libpng versions since 1.0.6".

An advisory notes that various versions of ImageMagick are
affected by the bug.  A version 1.2.28 with a fix was released.

Version-Release number of selected component (if applicable):
libpng-1.2.22-1.fc8 (but this is clearly not limited to F8)

Comment 1 Tom Lane 2008-05-07 04:58:25 UTC
yeah, we've heard of it ... doesn't appear significant enough to mandate a security exercise.

*** This bug has been marked as a duplicate of 441839 ***