Bug#1021278: pngcheck: CVE-2020-35511
On Thu, Oct 20, 2022 at 11:28:22PM -0300, David da Silva Polverari wrote:
> Hi,
>
> I adjusted the affected versions in the BTS, but I couldn't find any
> patch for it. The reference to buffer overflows seems related to
> CVE-2020-27818, so I wonder whether it is a duplicate or not.
>
> If it is, it was already closed in [1].
>
> [1] CVE-2020-27818

Yeah, indeed, this seems to be a CVE assignment for a rather old version,
so testing/sid are in fact fixed. But looking at the changelog, there are a
few more security fixes between 2.3.0 (in stable) and 3.0.2, and since
practically all changes are security-related I'll simply build 3.0.2 for
bullseye-security.

Cheers,
Moritz
Bug#1021278: pngcheck: CVE-2020-35511
Sorry, I made a mistake when trying to send the link to the closed bug [1].
You can find the right link below.

[1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=976350

Regards,
David.
Bug#1021278: pngcheck: CVE-2020-35511
Hi,

I adjusted the affected versions in the BTS, but I couldn't find any
patch for it. The reference to buffer overflows seems related to
CVE-2020-27818, so I wonder whether it is a duplicate or not.

If it is, it was already closed in [1].

[1] CVE-2020-27818

Regards,
David
Bug#1021278: pngcheck: CVE-2020-35511
Source: pngcheck
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerability was published for pngcheck.

CVE-2020-35511[0]:
| A global buffer overflow was discovered in pngcheck function in
| pngcheck-2.4.0(5 patches applied) via a crafted png file.

Only reference here is SuSE bugzilla:
https://bugzilla.suse.com/show_bug.cgi?id=1202662#c2

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2020-35511
    https://www.cve.org/CVERecord?id=CVE-2020-35511

Please adjust the affected versions in the BTS as needed.