Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

libpng is vulnerable, CVE-2015-8126 #11030

Closed
pSub opened this issue Nov 15, 2015 · 5 comments
Closed

libpng is vulnerable, CVE-2015-8126 #11030

pSub opened this issue Nov 15, 2015 · 5 comments
Labels
1.severity: security

Comments

@pSub
Copy link
Member

pSub commented Nov 15, 2015

Vulnerability is fixd in 1.6.19, see https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8126.
@domenkozar
Copy link
Member

libpng-1.6.19-apng.patch.gz is not yet available

@domenkozar
Copy link
Member

Patches: https://bugzilla.redhat.com/show_bug.cgi?id=1281756

vcunat added a commit that referenced this issue Nov 16, 2015
@vcunat
libpng: security and maintenance 1.6.18 -> 1.6.19
018c272 
Fixes #11030, CVE-2015-{7981,8126}.

(cherry picked from commit cc86857)
@vcunat
Copy link
Member

vcunat commented Nov 16, 2015

apng patch is available now.

CVSS v2 Base Score: 7.5 (HIGH)

For now I pushed the fix to 15.09 and staging.

@domenkozar
Copy link
Member

👍

vcunat added a commit that referenced this issue Nov 17, 2015
@vcunat
libpng12: security update 1.2.53 -> 1.2.54
31aa281 
Part of fix for #11030.
Also refactor meta.
vcunat added a commit that referenced this issue Nov 17, 2015
@vcunat
libpng12: security update 1.2.53 -> 1.2.54
43f23f7 
Part of fix for #11030.
Also refactor meta.

(cherry picked from commit 31aa281)
@vcunat vcunat closed this as completed in cc86857 Dec 5, 2015
@vcunat
Copy link
Member

vcunat commented Dec 17, 2015

Upstream claims the fix wasn't complete, so there's another libpng release that I'll stage in a moment https://sourceforge.net/p/libpng/news/2015/12/libpng-1620-1525-1418-1255-and-1065-released/

vcunat added a commit that referenced this issue Dec 17, 2015
@vcunat
libpng: security update
04d9934 
It should finally fix #11030 and CVE-2015-8126
vcunat added a commit that referenced this issue Dec 17, 2015
@vcunat
libpng: security update
0dd23a6 
It should finally fix #11030 and CVE-2015-8126

(cherry picked from commit 04d9934)
vcunat added a commit that referenced this issue Dec 30, 2015
@vcunat
libpng-1.2: security update 1.2.54 -> 1.2.55
8627b26 
It should finally fix #11030 and CVE-2015-8126 for 1.2.
vcunat added a commit that referenced this issue Dec 30, 2015
@vcunat
libpng-1.2: security update 1.2.54 -> 1.2.55
617d0bc 
It should finally fix #11030 and CVE-2015-8126 for 1.2.

(cherry picked from commit 8627b26)
wizeman pushed a commit to wizeman/nixpkgs that referenced this issue Jan 19, 2016
@vcunat @wizeman
libpng: security and maintenance 1.6.18 -> 1.6.19
1269bff 
Fixes NixOS#11030, CVE-2015-{7981,8126}.

(cherry picked from commit cc86857)
adrianpk added a commit to adrianpk/nixpkgs that referenced this issue May 31, 2024
@adrianpk
libpng: security and maintenance 1.6.18 -> 1.6.19
ea2feac 
Fixes NixOS#11030, CVE-2015-{7981,8126}.

(cherry picked from commit cc86857)
adrianpk added a commit to adrianpk/nixpkgs that referenced this issue May 31, 2024
@adrianpk
libpng12: security update 1.2.53 -> 1.2.54
7650d9f 
Part of fix for NixOS#11030.
Also refactor meta.

(cherry picked from commit 31aa281)
adrianpk added a commit to adrianpk/nixpkgs that referenced this issue May 31, 2024
@adrianpk
libpng: security update
4d8e96f 
It should finally fix NixOS#11030 and CVE-2015-8126

(cherry picked from commit 04d9934)
adrianpk added a commit to adrianpk/nixpkgs that referenced this issue May 31, 2024
@adrianpk
libpng-1.2: security update 1.2.54 -> 1.2.55
96e84ca 
It should finally fix NixOS#11030 and CVE-2015-8126 for 1.2.

(cherry picked from commit 8627b26)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
1.severity: security
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@pSub @domenkozar @vcunat