[CVS] OpenPKG: openpkg-web/security/ OpenPKG-SA-2004.017-png.txt
OpenPKG CVS Repository http://cvs.openpkg.org/ Server: cvs.openpkg.org Name: Thomas Lotterer Root: /e/openpkg/cvs Email: [EMAIL PROTECTED] Module: openpkg-web Date: 29-Apr-2004 22:11:21 Branch: HEAD Handle: 2004042921112000 Modified files: openpkg-web/securityOpenPKG-SA-2004.017-png.txt Log: fill in CURRENT affected package versions and releases Summary: RevisionChanges Path 1.2 +14 -14 openpkg-web/security/OpenPKG-SA-2004.017-png.txt patch -p0 '@@ .' Index: openpkg-web/security/OpenPKG-SA-2004.017-png.txt $ cvs diff -u -r1.1 -r1.2 OpenPKG-SA-2004.017-png.txt --- openpkg-web/security/OpenPKG-SA-2004.017-png.txt 29 Apr 2004 20:04:08 - 1.1 +++ openpkg-web/security/OpenPKG-SA-2004.017-png.txt 29 Apr 2004 20:11:20 - 1.2 
@@ -14,20 +14,20 @@ OpenPKG Specific:no Affected Releases: Affected Packages: Corrected Packages: -OpenPKG CURRENT = abiword- = abiword-2.1.2-20040429 - = analog- = analog-5.32-20040429 - = doxygen- = doxygen-1.3.6-20040429 - = firefox- = firefox-0.8-20040429 - = ghostscript- = ghostscript-8.14-20040429 - = kde- = kde-qt-3.2.3-20040429 - = mozilla- = mozilla-1.7rc1-20040429 - = pdflib- = pdflib-5.0.3-20040429 - = perl-= perl-tk-5.8.4-20040429 - = png- = png-1.2.5-20040429 - = qt- = qt-3.3.2-20040429 - = rrdtool- = rrdtool-1.0.48-20040429 - = tetex- = tetex-2.0.2-20040429 - = wx- = wx-2.4.2-20040429 +OpenPKG CURRENT = abiword-2.1.1-20040406 = abiword-2.1.2-20040429 + = analog-5.32-20040207 = analog-5.32-20040429 + = doxygen-1.3.6-20040212 = doxygen-1.3.6-20040429 + = firefox-0.8-20040210 = firefox-0.8-20040429 + = ghostscript-8.14-20040220 = ghostscript-8.14-20040429 + = kde-3.2.3-20040406 = kde-qt-3.2.3-20040429 + = mozilla-1.7rc1-20040423 = mozilla-1.7rc1-20040429 + = pdflib-5.0.3-20040212= pdflib-5.0.3-20040429 + = perl-tk-5.8.4-20040422 = perl-tk-5.8.4-20040429 + = png-1.2.5-20040207 = png-1.2.5-20040429 + = qt-3.3.2-20040428= qt-3.3.2-20040429 + = rrdtool-1.0.48-20040407 = rrdtool-1.0.48-20040429 + = tetex-2.0.2-20040207 = tetex-2.0.2-20040429 + = wx-2.4.2-20040425= wx-2.4.2-20040429 OpenPKG 2.0 = analog-5.32-2.0.0= analog-5.32-2.0.1 = doxygen-1.3.6-2.0.0 = doxygen-1.3.6-2.0.1 @@ . __ The OpenPKG Projectwww.openpkg.org CVS Repository Commit List [EMAIL PROTECTED]
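Review bot: the kde row in the OpenPKG CURRENT block lists the affected package as kde-3.2.3-20040406 but the corrected one as kde-qt-3.2.3-20040429, so the two columns name different packages. The removed placeholder rows had the same pattern ("kde-" against "kde-qt-", "perl-" against "perl-tk-"), and perl-tk was completed to perl-tk-5.8.4-20040422 while kde was not. Readers match these names against their installed packages, so please confirm whether the affected entry should read kde-qt-3.2.3-20040406. The abiword row also moves from 2.1.1 to 2.1.2 where every other CURRENT row keeps its upstream version; worth confirming that is intended.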
[CVS] OpenPKG: openpkg-web/security/ OpenPKG-SA-2004.017-png.txt
OpenPKG CVS Repository http://cvs.openpkg.org/ Server: cvs.openpkg.org Name: Thomas Lotterer Root: /e/openpkg/cvs Email: [EMAIL PROTECTED] Module: openpkg-web Date: 29-Apr-2004 22:13:06 Branch: HEAD Handle: 2004042921130500 Modified files: openpkg-web/securityOpenPKG-SA-2004.017-png.txt Log: remove dummy header and insert a vertical space because ghostscript is too long to fit Summary: RevisionChanges Path 1.3 +32 -35 openpkg-web/security/OpenPKG-SA-2004.017-png.txt patch -p0 '@@ .' Index: openpkg-web/security/OpenPKG-SA-2004.017-png.txt $ cvs diff -u -r1.2 -r1.3 OpenPKG-SA-2004.017-png.txt --- openpkg-web/security/OpenPKG-SA-2004.017-png.txt 29 Apr 2004 20:11:20 - 1.2 +++ openpkg-web/security/OpenPKG-SA-2004.017-png.txt 29 Apr 2004 20:13:05 - 1.3 @@ -1,6 +1,3 @@ -#FIXME, this is a template -#FIXME, the first three lines are just dummies -#FIXME, to help comparing this against sibling signed documents OpenPKG Security AdvisoryThe OpenPKG Project 
@@ -13,41 +10,41 @@ Vulnerability: denial of service, program crash OpenPKG Specific:no -Affected Releases: Affected Packages: Corrected Packages: -OpenPKG CURRENT = abiword-2.1.1-20040406 = abiword-2.1.2-20040429 - = analog-5.32-20040207 = analog-5.32-20040429 - = doxygen-1.3.6-20040212 = doxygen-1.3.6-20040429 - = firefox-0.8-20040210 = firefox-0.8-20040429 +Affected Releases: Affected Packages: Corrected Packages: +OpenPKG CURRENT = abiword-2.1.1-20040406= abiword-2.1.2-20040429 + = analog-5.32-20040207 = analog-5.32-20040429 + = doxygen-1.3.6-20040212= doxygen-1.3.6-20040429 + = firefox-0.8-20040210 = firefox-0.8-20040429 = ghostscript-8.14-20040220 = ghostscript-8.14-20040429 - = kde-3.2.3-20040406 = kde-qt-3.2.3-20040429 - = mozilla-1.7rc1-20040423 = mozilla-1.7rc1-20040429 - = pdflib-5.0.3-20040212= pdflib-5.0.3-20040429 - = perl-tk-5.8.4-20040422 = perl-tk-5.8.4-20040429 - = png-1.2.5-20040207 = png-1.2.5-20040429 - = qt-3.3.2-20040428= qt-3.3.2-20040429 - = rrdtool-1.0.48-20040407 = rrdtool-1.0.48-20040429 - = tetex-2.0.2-20040207 = tetex-2.0.2-20040429 - = wx-2.4.2-20040425= wx-2.4.2-20040429 + = kde-3.2.3-20040406= kde-qt-3.2.3-20040429 + = mozilla-1.7rc1-20040423 = mozilla-1.7rc1-20040429 + = pdflib-5.0.3-20040212 = pdflib-5.0.3-20040429 + = perl-tk-5.8.4-20040422= perl-tk-5.8.4-20040429 + = png-1.2.5-20040207= png-1.2.5-20040429 + = qt-3.3.2-20040428 = qt-3.3.2-20040429 + = rrdtool-1.0.48-20040407 = rrdtool-1.0.48-20040429 + = tetex-2.0.2-20040207 = tetex-2.0.2-20040429 + = wx-2.4.2-20040425 = wx-2.4.2-20040429 -OpenPKG 2.0 = analog-5.32-2.0.0= analog-5.32-2.0.1 - = doxygen-1.3.6-2.0.0 = doxygen-1.3.6-2.0.1 - = ghostscript-8.13-2.0.0 = ghostscript-8.13-2.0.1 - = mozilla-1.6-2.0.0= mozilla-1.6-2.0.1 - = pdflib-5.0.3-2.0.0 = pdflib-5.0.3-2.0.1 - = perl-tk-5.8.3-2.0.0 = perl-tk-5.8.3-2.0.1 - = png-1.2.5-2.0.0 = png-1.2.5-2.0.1 - = qt-3.2.3-2.0.0 = qt-3.2.3-2.0.1 - = rrdtool-1.0.46-2.0.0 = rrdtool-1.0.46-2.0.1 - = tetex-2.0.2-2.0.0= tetex-2.0.2-2.0.1 
+OpenPKG 2.0 = analog-5.32-2.0.0 = analog-5.32-2.0.1 + = doxygen-1.3.6-2.0.0 = doxygen-1.3.6-2.0.1 + = ghostscript-8.13-2.0.0= ghostscript-8.13-2.0.1 + = mozilla-1.6-2.0.0 = mozilla-1.6-2.0.1 + = pdflib-5.0.3-2.0.0= pdflib-5.0.3-2.0.1 + = perl-tk-5.8.3-2.0.0 = perl-tk-5.8.3-2.0.1 + = png-1.2.5-2.0.0
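Review bot: in the second hunk every table row is removed and re-added for column alignment only, which hides whether any package name or version changed along the way, and this is the table readers use to decide whether they are affected. Please confirm with a whitespace-insensitive diff that the rows are otherwise identical, and consider committing the removal of the three #FIXME template lines separately from the realignment. The kde row is re-added still pairing kde-3.2.3-20040406 with kde-qt-3.2.3-20040429, so this is a good point to settle that name.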
[CVS] OpenPKG: openpkg-web/security/ OpenPKG-SA-2004.017-png.txt
OpenPKG CVS Repository http://cvs.openpkg.org/ Server: cvs.openpkg.org Name: Ralf S. Engelschall Root: /e/openpkg/cvs Email: [EMAIL PROTECTED] Module: openpkg-web Date: 29-Apr-2004 22:26:34 Branch: HEAD Handle: 2004042921263400 Modified files: openpkg-web/securityOpenPKG-SA-2004.017-png.txt Log: small adjustments only Summary: RevisionChanges Path 1.4 +11 -9 openpkg-web/security/OpenPKG-SA-2004.017-png.txt patch -p0 '@@ .' Index: openpkg-web/security/OpenPKG-SA-2004.017-png.txt $ cvs diff -u -r1.3 -r1.4 OpenPKG-SA-2004.017-png.txt --- openpkg-web/security/OpenPKG-SA-2004.017-png.txt 29 Apr 2004 20:13:05 - 1.3 +++ openpkg-web/security/OpenPKG-SA-2004.017-png.txt 29 Apr 2004 20:26:34 - 1.4 @@ -7,7 +7,7 @@ Package: png -Vulnerability: denial of service, program crash +Vulnerability: denial of service OpenPKG Specific:no Affected Releases: Affected Packages: Corrected Packages: 
@@ -66,17 +66,19 @@ Description: - According to a security advisory from Steve Grubb libpng accesses + According to a security advisory from Steve Grubb, libpng accesses memory that is out of bounds when creating an error message. Depending - on machine architecture bounds checking and other protective measures, - this problem could cause the program to core dump. If a daemon - processes png images, this would be a DOS. + on machine architecture, bounds checking and other protective + measures, this problem could cause the program to crash if a defective + or intentionally prepared PNG image file is handled by libpng. This + can even lead to a Denial of Service (DoS) situation. Please check whether you are affected by running prefix/bin/rpm - -q png. If you have the png package installed and its version - is affected (see above), we recommend that you immediately upgrade - it (see Solution) and its dependent packages (see above), if any, - too [3][4]. + -q png (and similarly for the other affected packages which have + PNG included). If you have the png package (or one of the others) + installed and its version is affected (see above), we recommend that + you immediately upgrade it (see Solution) and its dependent packages + (see above), if any, too [3][4]. Solution: Select the updated source RPM appropriate for your OpenPKG release @@ . __ The OpenPKG Projectwww.openpkg.org CVS Repository Commit List [EMAIL PROTECTED]
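Review bot: in the Description hunk the check command is still spelled out only for png ("prefix/bin/rpm -q png"), with the other packages covered by "and similarly", which leaves the reader to assemble the package names from the table; pointing explicitly at the Affected Packages column would make the check unambiguous. The closing sentence now reads "upgrade it (see Solution) and its dependent packages (see above), if any, too" right after "(or one of the others)", so it is unclear whether the other listed packages are the dependents or are affected in their own right. The first hunk also drops "program crash" from the Vulnerability line while the new description still presents the crash as the direct effect and the DoS as its consequence; the header and the description should agree.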
[CVS] OpenPKG: openpkg-web/security/ OpenPKG-SA-2004.017-png.txt
OpenPKG CVS Repository http://cvs.openpkg.org/ Server: cvs.openpkg.org Name: Thomas Lotterer Root: /e/openpkg/cvs Email: [EMAIL PROTECTED] Module: openpkg-web Date: 29-Apr-2004 22:27:48 Branch: HEAD Handle: 2004042921274800 Modified files: openpkg-web/securityOpenPKG-SA-2004.017-png.txt Log: last minute CVE info CAN-2004-0421 Summary: RevisionChanges Path 1.5 +6 -4 openpkg-web/security/OpenPKG-SA-2004.017-png.txt patch -p0 '@@ .' Index: openpkg-web/security/OpenPKG-SA-2004.017-png.txt $ cvs diff -u -r1.4 -r1.5 OpenPKG-SA-2004.017-png.txt --- openpkg-web/security/OpenPKG-SA-2004.017-png.txt 29 Apr 2004 20:26:34 - 1.4 +++ openpkg-web/security/OpenPKG-SA-2004.017-png.txt 29 Apr 2004 20:27:48 - 1.5 @@ -66,12 +66,14 @@ Description: - According to a security advisory from Steve Grubb, libpng accesses + According to a security advisory from Steve Grubb, libpng [1] accesses memory that is out of bounds when creating an error message. Depending on machine architecture, bounds checking and other protective measures, this problem could cause the program to crash if a defective - or intentionally prepared PNG image file is handled by libpng. This - can even lead to a Denial of Service (DoS) situation. + or intentionally prepared PNG image file is handled by libpng. + This can even lead to a Denial of Service (DoS) situation. The + Common Vulnerabilities and Exposures (CVE) project assigned the id + CAN-2004-0421 [2] to the problem. Please check whether you are affected by running prefix/bin/rpm -q png (and similarly for the other affected packages which have 
@@ -105,7 +107,7 @@ References: [1] http://www.libpng.org/pub/png/ - [2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-... + [2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0421 [3] http://www.openpkg.org/tutorial.html#regular-source [4] http://www.openpkg.org/tutorial.html#regular-binary [5] ftp://ftp.openpkg.org/release/1.3/UPD/png-1.2.5-1.3.1.src.rpm @@ . __ The OpenPKG Projectwww.openpkg.org CVS Repository Commit List [EMAIL PROTECTED]
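Review bot: in the Description hunk the new [1] is attached to libpng and resolves to http://www.libpng.org/pub/png/, while the source the sentence relies on, the security advisory from Steve Grubb, gets no citation; none of the reference lines visible in the second hunk point to it. Please add a reference to the original advisory so readers can check the technical details for themselves. The CAN-2004-0421 id in the text and in the [2] URL match.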
[CVS] OpenPKG: openpkg-web/security/ OpenPKG-SA-2004.017-png.txt
OpenPKG CVS Repository http://cvs.openpkg.org/ Server: cvs.openpkg.org Name: Ralf S. Engelschall Root: /e/openpkg/cvs Email: [EMAIL PROTECTED] Module: openpkg-web Date: 29-Apr-2004 22:37:24 Branch: HEAD Handle: 2004042921372300 Modified files: openpkg-web/securityOpenPKG-SA-2004.017-png.txt Log: release OpenPKG Security Advisory 2004.017 (png) Summary: RevisionChanges Path 1.7 +10 -0 openpkg-web/security/OpenPKG-SA-2004.017-png.txt patch -p0 '@@ .' Index: openpkg-web/security/OpenPKG-SA-2004.017-png.txt $ cvs diff -u -r1.6 -r1.7 OpenPKG-SA-2004.017-png.txt --- openpkg-web/security/OpenPKG-SA-2004.017-png.txt 29 Apr 2004 20:32:06 - 1.6 +++ openpkg-web/security/OpenPKG-SA-2004.017-png.txt 29 Apr 2004 20:37:23 - 1.7 @@ -1,3 +1,6 @@ +-BEGIN PGP SIGNED MESSAGE- +Hash: SHA1 + OpenPKG Security AdvisoryThe OpenPKG Project @@ -124,3 +127,10 @@ for details on how to verify the integrity of this advisory. +-BEGIN PGP SIGNATURE- +Comment: OpenPKG [EMAIL PROTECTED] + +iD8DBQFAkWdagHWT4GPEy58RAhUzAJ91BK7ra6vUQfzOxYR0tF6OJKD9ZACcDu9K +bQeFjP+LBoyEg6ikl+zNOf4= +=EMRS +-END PGP SIGNATURE- @@ . __ The OpenPKG Projectwww.openpkg.org CVS Repository Commit List [EMAIL PROTECTED]
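Review bot: the signature is added in place to the CVS-tracked advisory (+10 -0), so from this revision on any further commit to the file, including whitespace-only realignments like the one in r1.3, invalidates it unless the advisory is re-signed. Suggest recording in the release procedure that the signed file is not edited without stripping and regenerating the signature block. The diff is taken against r1.6, whose commit does not appear alongside the others here, so the signed text includes a change that cannot be reviewed from this page. The header declares "Hash: SHA1"; anyone verifying the advisory today should keep in mind that SHA-1 is no longer considered collision-resistant.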