Bug 12555 - (int-179061) microb-engine: CVE-2010-1205: Buffer overflow in embedded libpng
(int-179061)
: microb-engine: CVE-2010-1205: Buffer overflow in embedded libpng
Status: NEW
Product: Maemo 5 Community SSU
general
: testing
: N900 Maemo
: Unspecified critical (vote)
: ---
Assigned To: unassigned
: general
:
: security
:
:
  Show dependency tree
 
Reported: 2012-01-21 16:24 UTC by Andre Klapper
Modified: 2013-02-19 21:11 UTC (History)
1 user (show)

See Also:


Attachments


Note

You need to log in before you can comment on or make changes to this bug.


Description Andre Klapper (reporter) maemo.org 2012-01-21 16:24:53 UTC
DESCRIPTION:
See https://www.redhat.com/security/data/cve/CVE-2010-1205.html and
https://bugzilla.redhat.com/show_bug.cgi?id=608238

SOFTWARE VERSION:
21.2011.38-1Tmaemo1.2 (17.01.2012)
microb-engine 20100401-1.9.2-5.2+0m5 as officially shipped

UPSTREAM PATCH for Mozilla:
https://bugzilla.mozilla.org/show_bug.cgi?id=570451
http://hg.mozilla.org/releases/mozilla-1.9.2/rev/a026be4d85e0

UPSTREAM PATCH for libpng:
http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=commitdiff;h=188eb6b42602bf7d7ae708a21897923b6a83fe7c#patch18

OTHER COMMENTS:
System library libpng12-0 1.2.37-1maemo3+0m5 is NOT affected by this as this
version includes a fix already.
Comment 1 Ludek Finstrle 2013-02-19 21:11:20 UTC
freemangordon and me were upgrading libpng and libxml and zlib (as bonus with
some optimizations).
freemangordon also compiled microb-engine againist system libraries instead of
builtin.

It's in CSSU-devel right now.