
stable update request: Bug#424729: libpng: CVE-2007-2445 VU#684664



Hello,

Please consider updating libpng in stable.

Best Regards,

Aníbal Monsalve Salazar
-- 
http://v7w.com/anibal
--- Begin Message ---
Your message dated Thu, 17 May 2007 00:47:03 +0000
with message-id <E1HoU91-0000xp-0b@ries.debian.org>
and subject line Bug#424729: fixed in libpng 1.2.15~beta5-2
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--- Begin Message ---
Package: libpng
Severity: serious
Tags: patch security

CVE-2007-2445
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2007-2445

CERT Vulnerability Note VU#684664
http://www.kb.cert.org/vuls/id/684664

It seems that a grayscale image with a malformed (bad CRC) tRNS
chunk will crash libpng and mozilla.

The following patch fixes this problem:

--- pngrutil.c	2006-12-08 12:21:12.000000000 +1100
+++ pngrutil.c	2007-05-09 17:19:54.000000000 +1000
@@ -1314,7 +1314,10 @@
    }
 
    if (png_crc_finish(png_ptr, 0))
+   {
+      png_ptr->num_trans = 0;
       return;
+   }
 
    png_set_tRNS(png_ptr, info_ptr, readbuf, png_ptr->num_trans,
       &(png_ptr->trans_values));
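Review bot: The substantive part of this hunk is the new `png_ptr->num_trans = 0;` on the CRC-failure path, not the added braces, and it deserves a one-line comment saying why it is there. Before the change, a tRNS chunk that failed `png_crc_finish` returned early without calling `png_set_tRNS`, so the transparency data was never recorded, yet `png_ptr->num_trans` (the count the hunk shows being passed to `png_set_tRNS`) kept its non-zero value; later code that treats `num_trans > 0` as "transparency data present" then works from a count with no matching data, which matches the grayscale crash in the report. Resetting the count before `return;` closes that gap, but a reader of this error path will otherwise see the assignment as an unrelated side effect; suggest `/* chunk rejected: forget the count parsed above */` or similar above the assignment.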

Aníbal Monsalve Salazar
--
http://v7w.com/anibal



--- End Message ---
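The report above turns on a chunk whose CRC does not match its contents. As an added illustration (this is not code from the bug report, from libpng or from the Debian package), the following C program recomputes the CRC-32 of every chunk in a PNG byte stream, exactly the check libpng performs when it reads a chunk, and reports the chunks whose stored CRC is wrong. All function names here (`png_crc32`, `scan_png_chunks`, `append_chunk`, `build_sample_png`) are this example's own, and the sample image it builds is a constructed 1x1 grayscale skeleton with a tRNS chunk whose CRC is deliberately flipped, modelling the malformed input described in the report.

```c
/* Added example: a minimal PNG chunk walker that recomputes each chunk's
 * CRC-32 and reports chunks whose stored CRC does not match. The names
 * below are this example's own, not libpng's API. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

static const uint8_t PNG_SIG[8] = {0x89, 'P', 'N', 'G', 0x0D, 0x0A, 0x1A, 0x0A};

/* CRC-32 as specified by PNG: reflected polynomial 0xEDB88320,
 * initial value and final XOR both 0xFFFFFFFF. */
static uint32_t png_crc32(const uint8_t *data, size_t len)
{
    uint32_t crc = 0xFFFFFFFFu;
    for (size_t i = 0; i < len; i++) {
        crc ^= data[i];
        for (int k = 0; k < 8; k++)
            crc = (crc >> 1) ^ (0xEDB88320u & (0u - (crc & 1u)));
    }
    return crc ^ 0xFFFFFFFFu;
}

static uint32_t be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | p[3];
}

static void put_be32(uint8_t *p, uint32_t v)
{
    p[0] = (uint8_t)(v >> 24); p[1] = (uint8_t)(v >> 16);
    p[2] = (uint8_t)(v >> 8);  p[3] = (uint8_t)v;
}

/* Walk the chunk list. Returns the number of chunks whose CRC is wrong and
 * copies the type of the first bad one into first_bad (5 bytes), or returns
 * -1 when the stream is not structurally a PNG (bad signature, truncated
 * chunk, trailing bytes). The CRC covers the type and data, not the length. */
static int scan_png_chunks(const uint8_t *buf, size_t len, char first_bad[5])
{
    if (len < 8 || memcmp(buf, PNG_SIG, 8) != 0) return -1;
    size_t pos = 8;
    int bad = 0;
    first_bad[0] = '\0';
    while (pos + 12 <= len) {
        uint32_t dlen = be32(buf + pos);
        if (dlen > len - pos - 12) return -1;          /* truncated chunk */
        const uint8_t *type = buf + pos + 4;
        uint32_t stored = be32(buf + pos + 8 + dlen);
        uint32_t actual = png_crc32(type, 4 + dlen);
        if (stored != actual) {
            if (bad == 0) { memcpy(first_bad, type, 4); first_bad[4] = '\0'; }
            bad++;
        }
        pos += 12 + dlen;
    }
    return pos == len ? bad : -1;
}

/* Append one chunk with a correct CRC; returns the new write position. */
static size_t append_chunk(uint8_t *out, size_t pos, const char type[4],
                           const uint8_t *data, uint32_t dlen)
{
    put_be32(out + pos, dlen);
    memcpy(out + pos + 4, type, 4);
    if (dlen) memcpy(out + pos + 8, data, dlen);
    put_be32(out + pos + 8 + dlen, png_crc32(out + pos + 4, 4 + dlen));
    return pos + 12 + dlen;
}

/* Constructed sample: a 1x1 8-bit grayscale PNG skeleton with a tRNS chunk.
 * When corrupt_trns is nonzero the first byte of the tRNS CRC is flipped.
 * The IDAT payload is a placeholder; only framing and CRCs matter here. */
static size_t build_sample_png(uint8_t *out, int corrupt_trns)
{
    static const uint8_t ihdr[13] = {0,0,0,1, 0,0,0,1, 8, 0, 0, 0, 0};
    static const uint8_t trns[2]  = {0, 0};            /* gray level 0 is transparent */
    static const uint8_t idat[4]  = {0x78, 0x9C, 0x00, 0x00};
    memcpy(out, PNG_SIG, 8);
    size_t pos = 8;
    pos = append_chunk(out, pos, "IHDR", ihdr, 13);
    size_t trns_at = pos;
    pos = append_chunk(out, pos, "tRNS", trns, 2);
    if (corrupt_trns) out[trns_at + 8 + 2] ^= 0xFF;   /* first CRC byte of tRNS */
    pos = append_chunk(out, pos, "IDAT", idat, 4);
    pos = append_chunk(out, pos, "IEND", NULL, 0);
    return pos;
}

int main(void)
{
    uint8_t png[128];
    char bad[5];
    size_t n = build_sample_png(png, 1);
    int r = scan_png_chunks(png, n, bad);
    printf("bad-CRC chunks: %d (first: %s)\n", r, r > 0 ? bad : "-");
    return 0;
}
```

Running it prints `bad-CRC chunks: 1 (first: tRNS)` for the corrupted sample and `0` for the intact one. A pre-decoder check like this rejects the malformed file before any image library sees it; the libpng fix in the patch above is the complementary in-library measure, making sure that a rejected tRNS chunk leaves no stale transparency count behind.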
--- Begin Message ---
Source: libpng
Source-Version: 1.2.15~beta5-2

We believe that the bug you reported is fixed in the latest version of
libpng, which is due to be installed in the Debian FTP archive:

libpng12-0-udeb_1.2.15~beta5-2_i386.udeb
  to pool/main/libp/libpng/libpng12-0-udeb_1.2.15~beta5-2_i386.udeb
libpng12-0_1.2.15~beta5-2_i386.deb
  to pool/main/libp/libpng/libpng12-0_1.2.15~beta5-2_i386.deb
libpng12-dev_1.2.15~beta5-2_i386.deb
  to pool/main/libp/libpng/libpng12-dev_1.2.15~beta5-2_i386.deb
libpng3_1.2.15~beta5-2_all.deb
  to pool/main/libp/libpng/libpng3_1.2.15~beta5-2_all.deb
libpng_1.2.15~beta5-2.diff.gz
  to pool/main/libp/libpng/libpng_1.2.15~beta5-2.diff.gz
libpng_1.2.15~beta5-2.dsc
  to pool/main/libp/libpng/libpng_1.2.15~beta5-2.dsc



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 424729@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Anibal Monsalve Salazar <anibal@debian.org> (supplier of updated libpng package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Wed, 09 May 2007 17:34:02 +1000
Source: libpng
Binary: libpng12-dev libpng12-0 libpng12-0-udeb libpng3
Architecture: source i386 all
Version: 1.2.15~beta5-2
Distribution: unstable
Urgency: high
Maintainer: Anibal Monsalve Salazar <anibal@debian.org>
Changed-By: Anibal Monsalve Salazar <anibal@debian.org>
Description: 
 libpng12-0 - PNG library - runtime
 libpng12-0-udeb - PNG library - minimal runtime library (udeb)
 libpng12-dev - PNG library - development
 libpng3    - PNG library - runtime
Closes: 424729
Changes: 
 libpng (1.2.15~beta5-2) unstable; urgency=high
 .
   * It seems that a grayscale image with a malformed (bad CRC) tRNS
     chunk will crash libpng and mozilla. Closes: #424729.
     - CVE-2007-2445
       http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2007-2445
     - CERT Vulnerability Note VU#684664
       http://www.kb.cert.org/vuls/id/684664
Files: 
 6d2757d15e97d59208d022a6af57eafe 721 libs optional libpng_1.2.15~beta5-2.dsc
 d3370d82d4405825c18a2049f48ca2e4 14392 libs optional libpng_1.2.15~beta5-2.diff.gz
 35963925bcfe06e90205cd5e8fd221a0 186534 libs optional libpng12-0_1.2.15~beta5-2_i386.deb
 e8c6269c88d58e42d0cfded17c807183 170838 libdevel optional libpng12-dev_1.2.15~beta5-2_i386.deb
 938c98310339773a295aac070a47f3a8 884 oldlibs optional libpng3_1.2.15~beta5-2_all.deb
 55867140aec4986f8da84be6da46dab7 67514 debian-installer extra libpng12-0-udeb_1.2.15~beta5-2_i386.udeb
Package-Type: udeb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFGS6KpipBneRiAKDwRAui1AJ4xkoDJePYT0iLgVFjOrgxyY2BaEgCgkqtu
sOnu3pVg7tsf31WgTKCGibE=
=95fq
-----END PGP SIGNATURE-----


--- End Message ---

--- End Message ---


