Source: pngcheck Version: 2.3.0-12 Severity: important Tags: security upstream X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org> Control: found -1 2.3.0-7
Hi, The following vulnerability was published for pngcheck. CVE-2020-27818[0]: | global buffer overflow was discovered in check_chunk_name function | via crafted pngfile Red Hat has a report in [1] and fixed their releases with [2]. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2020-27818 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27818 [1] https://bugzilla.redhat.com/show_bug.cgi?id=1902011 [2] https://src.fedoraproject.org/rpms/pngcheck/blob/cc48791e34201caf7b686084b735d06cef66c974/f/pngcheck-2.4.0-overflow-bz1897485.patch Regards, Salvatore
