Bug 12575 – microb-engine: CVE-2011-3026: Integer overflow in embedded libpng

Bug 12575 - microb-engine: CVE-2011-3026: Integer overflow in embedded libpng


Summary:	microb-engine: CVE-2011-3026: Integer overflow in embedded libpng

Status:	NEW

Product:	Maemo 5 Community SSU
Component:	general
Version:	testing
Platform:	N900 Maemo

Importance:	Unspecified major (vote)
Target Milestone:	---
Assigned To:	unassigned
QA Contact:	general

URL:
Keywords:	security

Depends on:
Blocks:
	Show dependency tree

Reported:	2012-02-20 11:58 UTC by Andre Klapper
Modified:	2013-02-19 21:12 UTC (History)
CC List:	1 user (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note

You need to log in before you can comment on or make changes to this bug.

Description Andre Klapper (reporter) maemo.org

2012-02-20 11:58:47 UTC

(Copying from https://bugs.merproject.org/show_bug.cgi?id=185 )

See http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3026

Patch:
http://review.merproject.org/gitweb?p=mer-core%2Flibpng.git;a=commit;h=7886febf83e08e43a7d8c462db544bce27272b0a

I didn't check the Maemo codebase as I didn't receive any responses for all the
other security tickets I filed (except for one), so filing this just in case
and not spending too much time to investigate.

Comment 1 Ludek Finstrle 2013-02-19 21:12:46 UTC

freemangordon and me were upgrading libpng and libxml and zlib (as bonus with
some optimizations).
freemangordon also compiled microb-engine againist system libraries instead of
builtin.

It's in CSSU-devel right now.