Bug 204551

Summary: graphics/png: buffer overflows in libpng 1.6.18 (CVE-2015-8126)
Product: Ports & Packages Reporter: Walter Hop <walter>
Component: Individual Port(s)Assignee: Bernard Spil <brnrd>
Status: Closed FIXED    
Severity: Affects Many People CC: antoine, brnrd, ports-secteam
Priority: Normal Keywords: security
Version: LatestFlags: koobs: maintainer-feedback-
koobs: merge-quarterly+
Hardware: Any   
OS: Any   
URL: https://reviews.freebsd.org/D4164

Description Walter Hop 2015-11-14 21:21:17 UTC 
"Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE functions in libpng [...] before 1.6.19 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image."

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8126

http://www.openwall.com/lists/oss-security/2015/11/12/2

Assuming it might be usable for exploitation, I would recommend bumping the port soon.
Comment 1 Antoine Brodin freebsd_committer freebsd_triage 2015-11-14 21:39:31 UTC 
libpng website is down and sourceforge is in in Disaster Recovery mode (and doesn't have 1.6.19 yet),  so this update will have to wait a few hours I guess..
Comment 2 Bernard Spil freebsd_committer freebsd_triage 2015-11-15 11:09:39 UTC 
This is now handled in Phabricator
https://reviews.freebsd.org/D4164
Comment 3 commit-hook freebsd_committer freebsd_triage 2015-11-15 11:41:26 UTC 
A commit references this bug:

Author: antoine
Date: Sun Nov 15 11:41:02 UTC 2015
New revision: 401693
URL: https://svnweb.freebsd.org/changeset/ports/401693

Log:
  Update to 1.6.19

  PR:		204551
  MFH:		2015Q4
  Security:	CVE-2015-8126

Changes:
  head/graphics/png/Makefile
  head/graphics/png/distinfo
  head/graphics/png/pkg-plist
Comment 4 commit-hook freebsd_committer freebsd_triage 2015-11-15 11:43:28 UTC 
A commit references this bug:

Author: antoine
Date: Sun Nov 15 11:43:12 UTC 2015
New revision: 401694
URL: https://svnweb.freebsd.org/changeset/ports/401694

Log:
  MFH: r401693

  Update to 1.6.19

  PR:		204551
  Security:	CVE-2015-8126

Changes:
_U  branches/2015Q4/
  branches/2015Q4/graphics/png/Makefile
  branches/2015Q4/graphics/png/distinfo
  branches/2015Q4/graphics/png/pkg-plist
Comment 5 Kubilay Kocak freebsd_committer freebsd_triage 2015-11-17 03:12:02 UTC 
security/vuxml change committed by brnrd@ in r401719 [1] but PR: not referenced.

[1] http://svnweb.freebsd.org/changeset/ports/401719

CC committer that resolved.