Bug 211705 - CVE-2006-3334, CVE-2006-5793 libpng 1.2.13 is out there
CVE-2006-3334, CVE-2006-5793 libpng 1.2.13 is out there
Product: Fedora
Classification: Fedora
Component: libpng (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: Tom Lane
Depends On:
  Show dependency treegraph
Reported: 2006-10-20 18:19 EDT by Henning Norén
Modified: 2013-07-02 23:11 EDT (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2007-02-12 11:25:00 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Henning Norén 2006-10-20 18:19:01 EDT
Description of problem:
libpng 1.2.12 has been out there since 2006-06-27 and contains, together with
2.6.11 several fixes for various problems, among others at least one possible
security related.

(from the release notes)
Fix potential buffer overrun in chunk error processing.
Fix 1 potential overflow and 1 out-of-bounds read. Fix some bugs in makefiles.
APPLY PATCH to fix another potential overflow (see KNOWNBUGS1)

Version-Release number of selected component (if applicable):

Additional info:
Comment 1 Till Maas 2006-11-22 08:55:06 EST
2.6.13 is out by now and fixes again a security flaw:

(See: #216706)

This affects also fc6
Comment 2 Till Maas 2006-11-22 08:56:35 EST
(In reply to comment #1)
> 2.6.13 is out by now and fixes again a security flaw:
I mean 1.2.13

Comment 3 Josh Bressers 2006-11-29 15:12:24 EST
There are no known security issues in the libpng shipped in Fedora.  The two CVE
ids in the summary are not considered security issues but simply bugs.  We track
all known CVE ids related to fedora core here:


If there are any CVE ids not mentioned in those files, please open bugs as
Comment 4 Tom Lane 2007-02-12 11:25:00 EST
libpng is updated to 1.2.16 for Fedora 7.  As Josh notes, we don't currently see
a necessity to back-patch this.

Note You need to log in before you can comment on or make changes to this bug.