libpng (1.2.49-1ubuntu1) quantal; urgency=low
* Merge from Debian unstable. Remaining changes:
- Revert to gzip compression for libpng12-0's data tarball. Packages in
the base system may not use bzip2.
libpng (1.2.49-1) unstable; urgency=high
* New upstream version 1.2.49
- Fix CVE-2011-3048 (memory corruption flaw)
Closes: 667475
- Don't crash with electric fence memory debugger
Closes: 668082
* Merged upstream: 02-665208-CVE-2012-3045.patch
libpng (1.2.47-2) unstable; urgency=high
* Fix Buffer overflow
Fix CVE-2012-3045
Add 02-665208-CVE-2012-3045.patch
Closes: 665208
* Standards Version is 3.9.3
libpng (1.2.47-1) unstable; urgency=low
* New upstream version 1.2.47
The purpose of this release is to fix the dangerous CVE-2011-3026.
The libpng patch is different from the one that was distributed
earlier by Chromium, in that the libpng user limit feature is not
crippled by the patch.
Remove 02-660026-CVE-2011-3026.patch
libpng (1.2.46-5) unstable; urgency=high
* Check for both truncation (64-bit platforms) and integer overflow
Fix CVE-2011-3026
Add 02-660026-CVE-2011-3026.patch
Closes: 660026
libpng (1.2.46-4) unstable; urgency=low
* Update debian/rules.
Enabled hardened build flags. (Closes: #654149)
-- Marc Deslauriers <email address hidden> Thu, 24 May 2012 10:13:23 -0400