From owner-freebsd-ports-bugs@FreeBSD.ORG  Sat Nov 22 20:10:02 2008
Return-Path: <owner-freebsd-ports-bugs@FreeBSD.ORG>
Delivered-To: freebsd-ports-bugs@hub.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id BA1631065687
	for <freebsd-ports-bugs@hub.freebsd.org>;
	Sat, 22 Nov 2008 20:10:02 +0000 (UTC)
	(envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (freefall.freebsd.org
	[IPv6:2001:4f8:fff6::28])
	by mx1.freebsd.org (Postfix) with ESMTP id A3B258FC19;
	Sat, 22 Nov 2008 20:10:02 +0000 (UTC)
	(envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1])
	by freefall.freebsd.org (8.14.3/8.14.3) with ESMTP id mAMKA2R3073693;
	Sat, 22 Nov 2008 20:10:02 GMT
	(envelope-from gnats@freefall.freebsd.org)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.14.3/8.14.3/Submit) id mAMKA1ps073655;
	Sat, 22 Nov 2008 20:10:01 GMT (envelope-from gnats)
Resent-Date: Sat, 22 Nov 2008 20:10:01 GMT
Resent-Message-Id: <200811222010.mAMKA1ps073655@freefall.freebsd.org>
Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer)
Resent-To: freebsd-ports-bugs@FreeBSD.org
Resent-Cc: tom@hur.st
Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org,
	Eygene Ryabinkin <rea-fbsd@codelabs.ru>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 5FE71106564A;
	Sat, 22 Nov 2008 20:01:40 +0000 (UTC)
	(envelope-from rea-fbsd@codelabs.ru)
Received: from 0.mx.codelabs.ru (0.mx.codelabs.ru [144.206.177.45])
	by mx1.freebsd.org (Postfix) with ESMTP id 1C25A8FC13;
	Sat, 22 Nov 2008 20:01:40 +0000 (UTC)
	(envelope-from rea-fbsd@codelabs.ru)
Received: from phoenix.codelabs.ru (ppp91-78-248-208.pppoe.mtu-net.ru
	[91.78.248.208])
	by 0.mx.codelabs.ru with esmtps (TLSv1:CAMELLIA256-SHA:256)
	id 1L3yfj-000FWP-1j; Sat, 22 Nov 2008 23:01:39 +0300
Message-Id: <20081122200136.432B3F181F@phoenix.codelabs.ru>
Date: Sat, 22 Nov 2008 23:01:36 +0300 (MSK)
From: Eygene Ryabinkin <rea-fbsd@codelabs.ru>
To: FreeBSD-gnats-submit@FreeBSD.org
X-Send-Pr-Version: 3.113
X-GNATS-Notify: tom@hur.st
Cc: freebsd-security@FreeBSD.org
Subject: ports/129072: [vuxml] graphics/optipng: document CVE-2008-5101
X-BeenThere: freebsd-ports-bugs@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: Eygene Ryabinkin <rea-fbsd@codelabs.ru>
List-Id: Ports bug reports <freebsd-ports-bugs.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ports-bugs>, 
	<mailto:freebsd-ports-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ports-bugs>
List-Post: <mailto:freebsd-ports-bugs@freebsd.org>
List-Help: <mailto:freebsd-ports-bugs-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ports-bugs>, 
	<mailto:freebsd-ports-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 22 Nov 2008 20:10:02 -0000


>Number:         129072
>Category:       ports
>Synopsis:       [vuxml] graphics/optipng: document CVE-2008-5101
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sat Nov 22 20:10:01 UTC 2008
>Closed-Date:
>Last-Modified:
>Originator:     Eygene Ryabinkin
>Release:        FreeBSD 7.1-PRERELEASE i386
>Organization:
Code Labs
>Environment:

System: FreeBSD 7.1-PRERELEASE i386

>Description:

Buffer overflow in the OptiPNG BMP file handling was discovered.  The
code in question exists even in the 0.5.4, so, while it is questionable
if such an old version can be attacked with the original exploit, I
think that 0.5.4 has this vulnerability too.  Have no direct evidence
though.

>How-To-Repeat:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5101
http://secunia.com/advisories/32651

>Fix:

The following VuXML entry should be evaluated and added:
--- vuln.xml begins here ---
  <vuln vid="">
    <topic>optipng -- arbitrary code execution via crafted BMP image</topic>
    <affects>
      <package>
	<name>optipng</name>
	<range><lt>1.6.2</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Secunia reports:</p>
	<blockquote cite="http://secunia.com/advisories/32651">
	<p>A vulnerability has been reported in OptiPNG, which
	potentially can be exploited by malicious people to compromise
	a user's system.</p>
	<p>The vulnerability is caused due to a boundary error in
	the BMP reader and can be exploited to cause a buffer
	overflow by tricking a user into processing a specially
	crafted file.</p>
	<p>Successful exploitation may allow execution of arbitrary
	code.</p>
	<p>The vulnerability is reported in versions prior to 0.6.2.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2008-5101</cvename>
      <url>http://secunia.com/advisories/32651</url>
      <url>http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=505399</url>
      <url>http://optipng.sourceforge.net/</url>
    </references>
    <dates>
      <discovery>2008-11-11</discovery>
    </dates>
  </vuln>
--- vuln.xml ends here ---

Please, note that there is PR ports/128877 that updates port to 0.6.2
and this version isn't vulnerable.  I feel that the PR severity can be
raised due to the found vulnerability.
>Release-Note:
>Audit-Trail:
>Unformatted: