Your message dated Tue, 14 Jun 2011 00:07:41 +0000
with message-id <[email protected]>
and subject line Re: CVE-2008-5907: png_check_keyword might allow 
context-dependent attackers to set the value of an arbitrary memory location to 
zero
has caused the Debian Bug report #512665,
regarding CVE-2008-5907: png_check_keyword might allow context-dependent 
attackers to set the value of an arbitrary memory location to zero
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
512665: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=512665
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: libpng
Version: 1.2.15~beta5-1
Severity: normal
Tags: security

Hi,

The following CVE (Common Vulnerabilities & Exposures) id was published for 
horde3.

CVE-2008-5907[1]:
> The png_check_keyword function in pngwutil.c in libpng before 1.0.42, and
> 1.2.x before 1.2.34, might allow context-dependent attackers to set the
> value of an arbitrary memory location to zero via vectors involving
> creation of crafted PNG files with keywords, related to an implicit cast of
> the '\0' character constant to a NULL pointer. NOTE: some sources
> incorrectly report this as a double free vulnerability.

[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5907
     http://security-tracker.debian.net/tracker/CVE-2008-5907

Cheers,
-- 
Raphael Geissert - Debian Maintainer
www.debian.org - get.debian.net



--- End Message ---
--- Begin Message ---
Source: libpng
Version: 1.2.27-2+lenny1

Hi,

This bug was already closed in libpng 1.2.27-2+lenny1.

libpng (1.2.27-2+lenny1) stable-security; urgency=high

   * Non-maintainer upload.
   * debian/patches/03-CVE-2008-5907.diff: update pngwutil.c to properly set
     new_key to NULL string. (CVE-2008-5907) (Closes: #512665)
   * debian/patches/04-CVE-2009-0040.diff: initialize pointers in pngread.c,
     pngrtans.c, pngset.c and example.c (CVE-2009-0040) (Closes: #516256)
 -- Giuseppe Iuculano <[email protected]>  Sat, 14 Mar 2009 21:31:31 +0100

I close this bug.

Best regards,
  Nobuhiro


--- End Message ---
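
The class of bug the CVE text above describes (a '\0' character constant silently converted to a NULL pointer when the target is a `char **`), shown next to a hardened form. This is an added example, not code from libpng or from either message; the function names, the harness and the sample keyword are hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define KEY_MAX 79  /* PNG keywords are limited to 79 bytes */

/* Flawed on purpose (hypothetical helper): out is a char **, so out[KEY_MAX]
 * is a pointer slot, and '\0' (int constant 0) converts silently to a null
 * pointer. The keyword itself is never truncated. */
void truncate_key_flawed(char **out)
{
    if (strlen(*out) > KEY_MAX)
        out[KEY_MAX] = '\0';
}

/* Hardened form: dereference first, then index the character buffer. */
void truncate_key_fixed(char **out)
{
    if (strlen(*out) > KEY_MAX)
        (*out)[KEY_MAX] = '\0';
}

/* Constructed harness: slots[] is large enough that the stray write stays
 * in bounds and can be observed. Returns 1 if slots[KEY_MAX] was zeroed. */
int stray_write_observed(void (*fn)(char **), size_t *len_after)
{
    char key[101], sentinel = 'S';
    char *slots[KEY_MAX + 1];
    size_t i;

    memset(key, 'k', 100);               /* 100-character keyword */
    key[100] = '\0';
    for (i = 0; i <= KEY_MAX; i++)
        slots[i] = &sentinel;
    slots[0] = key;
    fn(slots);
    *len_after = strlen(key);
    return slots[KEY_MAX] == NULL;
}

int main(void)
{
    size_t n;
    int hit = stray_write_observed(truncate_key_flawed, &n);
    printf("flawed: pointer zeroed=%d, keyword length=%zu\n", hit, n);
    hit = stray_write_observed(truncate_key_fixed, &n);
    printf("fixed:  pointer zeroed=%d, keyword length=%zu\n", hit, n);
    return 0;
}
```

In real code the caller passes the address of a single pointer, so the flawed write lands outside any array; the oversized `slots[]` here exists only to make the effect observable without undefined behaviour.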
