Received: from mail.netbsd.org (mail.netbsd.org [149.20.53.66]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mail.netbsd.org", Issuer "Postmaster NetBSD.org" (verified OK)) by mollari.NetBSD.org (Postfix) with ESMTPS id 0E133A57FE for ; Thu, 29 Jan 2015 00:11:47 +0000 (UTC) Received: by mail.netbsd.org (Postfix, from userid 605) id 4EF0014A211; Thu, 29 Jan 2015 00:11:46 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by mail.netbsd.org (Postfix) with ESMTP id 1C7EE14A209 for ; Thu, 29 Jan 2015 00:11:33 +0000 (UTC) X-Virus-Scanned: amavisd-new at NetBSD.org Received: from mail.netbsd.org ([127.0.0.1]) by localhost (mail.NetBSD.org [127.0.0.1]) (amavisd-new, port 10025) with ESMTP id MJMAsvw-L7C1 for ; Thu, 29 Jan 2015 00:11:32 +0000 (UTC) Received: from cvs.netbsd.org (cvs.NetBSD.org [IPv6:2001:4f8:3:7:2e0:81ff:fe30:95bd]) by mail.netbsd.org (Postfix) with ESMTP id 6A80214A205 for ; Thu, 29 Jan 2015 00:11:32 +0000 (UTC) Received: by cvs.netbsd.org (Postfix, from userid 500) id 5D99E98; Thu, 29 Jan 2015 00:11:32 +0000 (UTC) Content-Disposition: inline Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset="US-ASCII" MIME-Version: 1.0 Date: Thu, 29 Jan 2015 00:11:32 +0000 From: "OBATA Akio" Subject: CVS commit: pkgsrc/emulators/suse131_libpng To: pkgsrc-changes@NetBSD.org Reply-To: obache@netbsd.org X-Mailer: log_accum Message-Id: <20150129001132.5D99E98@cvs.netbsd.org> Sender: pkgsrc-changes-owner@NetBSD.org List-Id: pkgsrc-changes.NetBSD.org Precedence: bulk Module Name: pkgsrc Committed By: obache Date: Thu Jan 29 00:11:32 UTC 2015 Modified Files: pkgsrc/emulators/suse131_libpng: Makefile distinfo Log Message: Apply following update to suse131_libpng, bump PKGREVISION. openSUSE Security Update: Security update for libpng16 ______________________________________________________________________________ Announcement ID: openSUSE-SU-2015:0161-1 Rating: important References: #912076 #912929 Cross-References: CVE-2014-9495 CVE-2015-0973 Affected Products: openSUSE 13.2 openSUSE 13.1 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: libpng was updated to fix some security issues: * CVE-2014-9495 [bnc#912076]: Heap-buffer overflow png_combine_row() with very wide interlaced images * CVE-2015-0973 [bnc#912929]: overflow in png_read_IDAT_data libpng is now also build with -DPNG_SAFE_LIMITS_SUPPORTED. Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 13.2: zypper in -t patch openSUSE-2015-79 - openSUSE 13.1: zypper in -t patch openSUSE-2015-79 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 13.2 (i586 x86_64): libpng16-16-1.6.13-2.4.1 libpng16-16-debuginfo-1.6.13-2.4.1 libpng16-compat-devel-1.6.13-2.4.1 libpng16-debugsource-1.6.13-2.4.1 libpng16-devel-1.6.13-2.4.1 libpng16-tools-1.6.13-2.4.1 libpng16-tools-debuginfo-1.6.13-2.4.1 - openSUSE 13.2 (x86_64): libpng16-16-32bit-1.6.13-2.4.1 libpng16-16-debuginfo-32bit-1.6.13-2.4.1 libpng16-compat-devel-32bit-1.6.13-2.4.1 libpng16-devel-32bit-1.6.13-2.4.1 - openSUSE 13.1 (i586 x86_64): libpng16-16-1.6.6-16.1 libpng16-16-debuginfo-1.6.6-16.1 libpng16-compat-devel-1.6.6-16.1 libpng16-debugsource-1.6.6-16.1 libpng16-devel-1.6.6-16.1 libpng16-tools-1.6.6-16.1 libpng16-tools-debuginfo-1.6.6-16.1 - openSUSE 13.1 (x86_64): libpng16-16-32bit-1.6.6-16.1 libpng16-16-debuginfo-32bit-1.6.6-16.1 libpng16-compat-devel-32bit-1.6.6-16.1 libpng16-devel-32bit-1.6.6-16.1 References: http://support.novell.com/security/cve/CVE-2014-9495.html http://support.novell.com/security/cve/CVE-2015-0973.html https://bugzilla.suse.com/show_bug.cgi?id=912076 https://bugzilla.suse.com/show_bug.cgi?id=912929 To generate a diff of this commit: cvs rdiff -u -r1.5 -r1.6 pkgsrc/emulators/suse131_libpng/Makefile cvs rdiff -u -r1.4 -r1.5 pkgsrc/emulators/suse131_libpng/distinfo Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.