Debian
libpng package

libpng 1.2.27-2+lenny3 source package in Debian

Changelog

libpng (1.2.27-2+lenny3) stable-security; urgency=high


  * Non-maintainer upload by the Security Team.
  * Fixed CVE-2009-2042: does not properly parse 1-bit interlaced images with
    width values that are not divisible by 8, which causes libpng to include
    uninitialized bits in certain rows of a PNG file and might allow remote
    attackers to read portions of sensitive memory via "out-of-bounds pixels"
    in the file (Closes: 533676)
  * Fixed CVE-2010-0205: does not properly handle compressed ancillary-chunk
    data that has a disproportionately large uncompressed representation, which
    allows remote attackers to cause a denial of service (memory and CPU
    consumption, and  application hang) via a crafted PNG file (Closes: #572308)

 -- Giuseppe Iuculano <email address hidden>  Sun, 11 Apr 2010 11:40:33 +0200

Upload details

Uploaded by:
Anibal Monsalve Salazar
Uploaded to:
Lenny
Original maintainer:
Anibal Monsalve Salazar
Architectures:
any
Section:
libs
Urgency:
Very Urgent

See full publishing history Publishing

Series Pocket Published Component Section

Builds

Downloads

File Size SHA-256 Checksum
libpng_1.2.27-2+lenny3.dsc 1.2 KiB d6faba268d2e00c73632b5ad3df2da351dcf82966557e5f7e750a5287165b667
libpng_1.2.27.orig.tar.gz 764.8 KiB 319b955bde2ec207fb8db338bfc092fbf35765096e6db6d17f7f3b3bff03e25f
libpng_1.2.27-2+lenny3.diff.gz 19.2 KiB 4a5a1ad1b9d98914fd7c10fc2a1cf146847acdf44e6e0477fc16d9fd05e3d333

No changes file available.

Binary packages built by this source