Change log for “libpng” package in Ubuntu

1 → 75 of 85 results
Published in trusty-release on 2014-03-31
Deleted in trusty-proposed (Reason: moved to release)
libpng (1.2.50-1ubuntu2) trusty; urgency=medium

  * Add debian/patches/02-required-space.patch, thanks to Dan Kegel for the
    patch. (LP: #1298779)
 -- Brian Murray <email address hidden>   Mon, 31 Mar 2014 14:20:51 -0700

Superseded in trusty-release on 2014-03-31
Deleted in trusty-proposed on 2014-04-02 (Reason: moved to release)
libpng (1.2.50-1ubuntu1) trusty; urgency=medium

  * Merge from Debian testing. Remaining changes:
    - Revert to gzip compression for libpng12-0's data tarball. Packages in
      the base system may not use bzip2.
  * Drop our autopkgtest changes, debian has those now

Superseded in trusty-release on 2014-02-04
Deleted in trusty-proposed on 2014-02-05 (Reason: moved to release)
libpng (1.2.49-5ubuntu1) trusty; urgency=low

  * Merge from Debian testing. Remaining changes:
    - Revert to gzip compression for libpng12-0's data tarball. Packages in
      the base system may not use bzip2.
    - Add debian/tests: Simple compile/link/run autopkgtest

Superseded in trusty-release on 2013-11-07
Published in saucy-release on 2013-08-23
Deleted in saucy-proposed (Reason: moved to release)
libpng (1.2.49-4ubuntu1) saucy; urgency=low

  * Merge from Debian unstable. Remaining changes:
    - Revert to gzip compression for libpng12-0's data tarball. Packages in
      the base system may not use bzip2.
    - Add debian/tests: Simple compile/link/run autopkgtest

Superseded in saucy-release on 2013-08-23
Published in raring-release on 2012-11-12
Deleted in raring-proposed (Reason: moved to release)
libpng (1.2.49-1ubuntu2) raring; urgency=low

  * Add debian/tests: Simple compile/link/run autopkgtest. (LP: #1073538)
 -- Rafal Cieslak <email address hidden>   Wed, 31 Oct 2012 16:43:53 +0100
Superseded in raring-release on 2012-11-12
Published in quantal-release on 2012-05-24
libpng (1.2.49-1ubuntu1) quantal; urgency=low

  * Merge from Debian unstable. Remaining changes:
    - Revert to gzip compression for libpng12-0's data tarball. Packages in
      the base system may not use bzip2.

Superseded in quantal-release on 2012-05-24
Published in precise-release on 2012-04-05
libpng (1.2.46-3ubuntu4) precise; urgency=low

  * SECURITY UPDATE: denial of service and possible code execution via
    memory corruption issue.
    - debian/patches/CVE-2011-3048.patch: correctly restore to previous
      condition in pngset.c.
    - CVE-2011-3048
 -- Marc Deslauriers <email address hidden>   Thu, 05 Apr 2012 08:21:56 -0400

Published in lucid-updates on 2012-04-05
Published in lucid-security on 2012-04-05
libpng (1.2.42-1ubuntu2.5) lucid-security; urgency=low

  * SECURITY UPDATE: denial of service and possible code execution via
    memory corruption issue.
    - debian/patches/CVE-2011-3048.patch: correctly restore to previous
      condition in pngset.c.
    - CVE-2011-3048
 -- Marc Deslauriers <email address hidden>   Thu, 05 Apr 2012 08:43:48 -0400
Published in hardy-updates on 2012-04-05
Published in hardy-security on 2012-04-05
libpng (1.2.15~beta5-3ubuntu0.7) hardy-security; urgency=low

  * SECURITY UPDATE: denial of service and possible code execution via
    memory corruption issue.
    - pngset.c: correctly restore to previous condition.
    - Patch from Debian's 1.2.44-1+squeeze4 update
    - CVE-2011-3048
 -- Marc Deslauriers <email address hidden>   Thu, 05 Apr 2012 08:47:42 -0400
Obsolete in maverick-updates on 2013-03-05
Obsolete in maverick-security on 2013-03-05
libpng (1.2.44-1ubuntu0.4) maverick-security; urgency=low

  * SECURITY UPDATE: denial of service and possible code execution via
    memory corruption issue.
    - debian/patches/CVE-2011-3048.patch: correctly restore to previous
      condition in pngset.c.
    - CVE-2011-3048
 -- Marc Deslauriers <email address hidden>   Thu, 05 Apr 2012 08:41:07 -0400
Obsolete in natty-updates on 2013-06-04
Obsolete in natty-security on 2013-06-04
libpng (1.2.44-1ubuntu3.4) natty-security; urgency=low

  * SECURITY UPDATE: denial of service and possible code execution via
    memory corruption issue.
    - debian/patches/CVE-2011-3048.patch: correctly restore to previous
      condition in pngset.c.
    - CVE-2011-3048
 -- Marc Deslauriers <email address hidden>   Thu, 05 Apr 2012 08:40:00 -0400
Published in oneiric-updates on 2012-04-05
Published in oneiric-security on 2012-04-05
libpng (1.2.46-3ubuntu1.3) oneiric-security; urgency=low

  * SECURITY UPDATE: denial of service and possible code execution via
    memory corruption issue.
    - debian/patches/CVE-2011-3048.patch: correctly restore to previous
      condition in pngset.c.
    - CVE-2011-3048
 -- Marc Deslauriers <email address hidden>   Thu, 05 Apr 2012 08:27:19 -0400
Superseded in precise-release on 2012-04-05
libpng (1.2.46-3ubuntu3) precise; urgency=low

  * SECURITY UPDATE: denial of service and possible code execution via
    incorrect type.
    - debian/patches/CVE-2011-3045.patch: use correct type, properly handle
      odd chunk lengths, fix off-by-one in pngrutil.c.
    - CVE-2011-3045
 -- Marc Deslauriers <email address hidden>   Wed, 21 Mar 2012 13:16:18 -0400
Superseded in hardy-updates on 2012-04-05
Superseded in hardy-security on 2012-04-05
libpng (1.2.15~beta5-3ubuntu0.6) hardy-security; urgency=low

  * SECURITY UPDATE: denial of service and possible code execution via
    incorrect type.
    - pngrutil.c: use correct type, properly handle odd chunk lengths, fix
      off-by-one.
    - http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=commit;h=13f12476543c4ada693b4cb474039d5cf3389ed1
    - http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=commit;h=a8c319a2b281af68f7ca0e2f9a28ca57b44ceb2b
    - CVE-2011-3045
 -- Marc Deslauriers <email address hidden>   Wed, 21 Mar 2012 13:41:22 -0400
Superseded in maverick-updates on 2012-04-05
Superseded in maverick-security on 2012-04-05
libpng (1.2.44-1ubuntu0.3) maverick-security; urgency=low

  * SECURITY UPDATE: denial of service and possible code execution via
    incorrect type.
    - debian/patches/06-CVE-2011-3045.patch: use correct type, properly
      handle odd chunk lengths, fix off-by-one in pngrutil.c.
    - CVE-2011-3045
 -- Marc Deslauriers <email address hidden>   Wed, 21 Mar 2012 13:34:30 -0400
Superseded in lucid-updates on 2012-04-05
Superseded in lucid-security on 2012-04-05
libpng (1.2.42-1ubuntu2.4) lucid-security; urgency=low

  * SECURITY UPDATE: denial of service and possible code execution via
    incorrect type.
    - debian/patches/09-CVE-2011-3045.patch: use correct type, properly
      handle odd chunk lengths, fix off-by-one in pngrutil.c.
    - CVE-2011-3045
 -- Marc Deslauriers <email address hidden>   Wed, 21 Mar 2012 13:38:15 -0400
Superseded in natty-updates on 2012-04-05
Superseded in natty-security on 2012-04-05
libpng (1.2.44-1ubuntu3.3) natty-security; urgency=low

  * SECURITY UPDATE: denial of service and possible code execution via
    incorrect type.
    - debian/patches/06-CVE-2011-3045.patch: use correct type, properly
      handle odd chunk lengths, fix off-by-one in pngrutil.c.
    - CVE-2011-3045
 -- Marc Deslauriers <email address hidden>   Wed, 21 Mar 2012 13:21:56 -0400
Superseded in oneiric-updates on 2012-04-05
Superseded in oneiric-security on 2012-04-05
libpng (1.2.46-3ubuntu1.2) oneiric-security; urgency=low

  * SECURITY UPDATE: denial of service and possible code execution via
    incorrect type.
    - debian/patches/CVE-2011-3045.patch: use correct type, properly handle
      odd chunk lengths, fix off-by-one in pngrutil.c.
    - CVE-2011-3045
 -- Marc Deslauriers <email address hidden>   Wed, 21 Mar 2012 13:20:13 -0400
Superseded in precise-release on 2012-03-21
libpng (1.2.46-3ubuntu2) precise; urgency=low

  * SECURITY UPDATE: fix integer overflow / truncation
    - debian/patches/CVE-2011-3026.patch: adjust pngrutil.c to verify size
      when allocating memory in png_decompress_chunk()
    - CVE-2011-3026
 -- Jamie Strandboge <email address hidden>   Wed, 15 Feb 2012 21:10:29 -0600

Superseded in oneiric-updates on 2012-03-22
Superseded in oneiric-security on 2012-03-22
libpng (1.2.46-3ubuntu1.1) oneiric-security; urgency=low

  * SECURITY UPDATE: fix integer overflow / truncation
    - debian/patches/CVE-2011-3026.patch: adjust pngrutil.c to verify size
      when allocating memory in png_decompress_chunk()
    - CVE-2011-3026
 -- Jamie Strandboge <email address hidden>   Wed, 15 Feb 2012 21:10:29 -0600
Superseded in natty-updates on 2012-03-22
Superseded in natty-security on 2012-03-22
libpng (1.2.44-1ubuntu3.2) natty-security; urgency=low

  * SECURITY UPDATE: fix integer overflow / truncation
    - debian/patches/05-CVE-2011-3026.patch: adjust pngrutil.c to verify size
      when allocating memory in png_decompress_chunk()
    - CVE-2011-3026
 -- Jamie Strandboge <email address hidden>   Wed, 15 Feb 2012 21:16:54 -0600
Superseded in maverick-updates on 2012-03-22
Superseded in maverick-security on 2012-03-22
libpng (1.2.44-1ubuntu0.2) maverick-security; urgency=low

  * SECURITY UPDATE: fix integer overflow / truncation
    - debian/patches/05-CVE-2011-3026.patch: adjust pngrutil.c to verify size
      when allocating memory in png_decompress_chunk()
    - CVE-2011-3026
 -- Jamie Strandboge <email address hidden>   Wed, 15 Feb 2012 21:18:29 -0600
Superseded in lucid-updates on 2012-03-22
Superseded in lucid-security on 2012-03-22
libpng (1.2.42-1ubuntu2.3) lucid-security; urgency=low

  * SECURITY UPDATE: fix integer overflow / truncation
    - debian/patches/08-CVE-2011-3026.patch: adjust pngrutil.c to verify size
      when allocating memory in png_decompress_chunk()
    - CVE-2011-3026
 -- Jamie Strandboge <email address hidden>   Wed, 15 Feb 2012 21:22:27 -0600
Superseded in hardy-updates on 2012-03-22
Superseded in hardy-security on 2012-03-22
libpng (1.2.15~beta5-3ubuntu0.5) hardy-security; urgency=low

  * SECURITY UPDATE: fix integer overflow / truncation
    - adjust pngrutil.c to verify size when allocating memory in
      png_decompress_chunk()
    - http://src.chromium.org/viewvc/chrome/branches/963/src/third_party/libpng/pngrutil.c?view=patch&r1=121492&r2=121491&pathrev=121492
    - CVE-2011-3026
  * SECURITY UPDATE: Reject attempt to write iCCP chunk with negative embedded
    profile length
    - adjust pngwutil.c to verify that embedded_profile_len is not negative in
      png_write_iCCP()
    - http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=commitdiff;h=9e88fcd58c8ce7f2183bc2045e5180cba0043f09#patch19
    - CVE-2009-5063
 -- Jamie Strandboge <email address hidden>   Wed, 15 Feb 2012 21:23:54 -0600
Superseded in precise-release on 2012-02-16
Published in oneiric-release on 2011-08-10
libpng (1.2.46-3ubuntu1) oneiric; urgency=low

  * Revert to gzip compression for libpng12-0's data tarball.  Packages in
    the base system may not use bzip2.
 -- Colin Watson <email address hidden>   Wed, 10 Aug 2011 21:25:16 +0100

Superseded in oneiric-release on 2011-08-10
libpng (1.2.46-3) unstable; urgency=low

  * libpng12-0-udeb: Don't use bzip2 compression
    Closes: 634865

Superseded in natty-updates on 2012-02-16
Superseded in natty-security on 2012-02-16
libpng (1.2.44-1ubuntu3.1) natty-security; urgency=low

  * SECURITY UPDATE: denial of service via error message data
    - debian/patches/02-CVE-2011-2501.patch: correctly calculate length in
      pngerror.c.
    - CVE-2011-2501
  * SECURITY UPDATE: denial of service and possible arbitrary code
    execution via crafted PNG image
    - debian/patches/03-CVE-2011-2690.patch: validate coefficients in
      pngrtran.c.
    - CVE-2011-2690
  * SECURITY UPDATE: denial of service and possible arbitrary code
    execution via invalid sCAL chunks
    - debian/patches/04-CVE-2011-2692.patch: check sCAL chunk length in
      pngrutil.c.
    - CVE-2011-2692
 -- Marc Deslauriers <email address hidden>   Tue, 26 Jul 2011 08:29:58 -0400
Superseded in maverick-updates on 2012-02-16
Superseded in maverick-security on 2012-02-16
libpng (1.2.44-1ubuntu0.1) maverick-security; urgency=low

  * SECURITY UPDATE: denial of service via error message data
    - debian/patches/02-CVE-2011-2501.patch: correctly calculate length in
      pngerror.c.
    - CVE-2011-2501
  * SECURITY UPDATE: denial of service and possible arbitrary code
    execution via crafted PNG image
    - debian/patches/03-CVE-2011-2690.patch: validate coefficients in
      pngrtran.c.
    - CVE-2011-2690
  * SECURITY UPDATE: denial of service and possible arbitrary code
    execution via invalid sCAL chunks
    - debian/patches/04-CVE-2011-2692.patch: check sCAL chunk length in
      pngrutil.c.
    - CVE-2011-2692
 -- Marc Deslauriers <email address hidden>   Tue, 26 Jul 2011 08:31:17 -0400
Superseded in lucid-updates on 2012-02-16
Superseded in lucid-security on 2012-02-16
libpng (1.2.42-1ubuntu2.2) lucid-security; urgency=low

  * SECURITY UPDATE: denial of service via error message data
    - debian/patches/05-CVE-2011-2501.patch: correctly calculate length in
      pngerror.c.
    - CVE-2011-2501
  * SECURITY UPDATE: denial of service and possible arbitrary code
    execution via crafted PNG image
    - debian/patches/06-CVE-2011-2690.patch: validate coefficients in
      pngrtran.c.
    - CVE-2011-2690
  * SECURITY UPDATE: denial of service and possible arbitrary code
    execution via invalid sCAL chunks
    - debian/patches/07-CVE-2011-2692.patch: check sCAL chunk length in
      pngrutil.c.
    - CVE-2011-2692
 -- Marc Deslauriers <email address hidden>   Tue, 26 Jul 2011 08:41:48 -0400
Superseded in hardy-updates on 2012-02-16
Superseded in hardy-security on 2012-02-16
libpng (1.2.15~beta5-3ubuntu0.4) hardy-security; urgency=low

  * SECURITY UPDATE: denial of service and possible arbitrary code
    execution via crafted PNG image
    - pngrtran.c: validate coefficients.
    - http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=commit;h=d572394c2a018ef22e9685ac189f5f05c08ea6f5
    - CVE-2011-2690
  * SECURITY UPDATE: denial of service and possible arbitrary code
    execution via invalid sCAL chunks
    - pngrutil.c: check sCAL chunk length.
    - http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=commit;h=61a2d8a2a7b03023e63eae9a3e64607aaaa6d339
    - CVE-2011-2692
 -- Marc Deslauriers <email address hidden>   Tue, 26 Jul 2011 08:57:37 -0400
Superseded in oneiric-release on 2011-08-10
libpng (1.2.44-2ubuntu1) oneiric; urgency=low

  * Merge from Debian unstable, remaining changes:
    - Build for multiarch.  Requires converting libpng3 from Arch: all to
      Arch: any.
    - Drop debian/libpng12-0-udeb.dirs, which just adds a pointless empty
      directory to the udeb.
  * debian/libpng3.links: do not create gratuitous soname-versioned symlinks
    in /lib.  We only need one copy of this symlink on the path, under
    /usr/lib.

Superseded in oneiric-release on 2011-05-17
Obsolete in natty-release on 2013-06-04
libpng (1.2.44-1ubuntu3) natty; urgency=low

  * Build for multiarch.  Requires converting libpng3 from Arch: all to
    Arch: any.
  * Drop debian/libpng12-0-udeb.dirs, which just adds a pointless empty
    directory to the udeb.
 -- Steve Langasek <email address hidden>   Sat, 19 Mar 2011 17:51:38 -0700
Superseded in natty-release on 2011-03-20
libpng (1.2.44-1ubuntu2) natty; urgency=low

  * Really fix debian/libpng3.links; the symlink goes in /usr/lib and the
    target in /lib, not the other way around.
 -- Steve Langasek <email address hidden>   Sun, 27 Feb 2011 11:21:08 -0800

Superseded in natty-release on 2011-02-27
libpng (1.2.44-1ubuntu1) natty; urgency=low

  * debian/libpng3.links: fix up the compat symlink to point to /lib.
    Closes: #579074, LP: #284325.
 -- Steve Langasek <email address hidden>   Sat, 22 Jan 2011 13:21:17 -0800

Obsolete in dapper-updates on 2011-09-06
Obsolete in dapper-security on 2011-09-06
libpng (1.2.8rel-5ubuntu0.6) dapper-security; urgency=low

  * SECURITY UPDATE: arbitrary code execution from additional data row via
    malformed PNG image
    - pngpread.c: check for unexpected data after the last row.
    - patch backported from 1.2.44
    - CVE-2010-1205
  * SECURITY UPDATE: denial of service via memory leak from malformed sCAL
    chunks
    - pngrutil.c: properly free memory
    - patch backported from 1.2.44
    - CVE-2010-2249
 -- Marc Deslauriers <email address hidden>   Mon, 05 Jul 2010 13:19:22 -0400
Superseded in hardy-updates on 2011-07-26
Superseded in hardy-security on 2011-07-26
libpng (1.2.15~beta5-3ubuntu0.3) hardy-security; urgency=low

  * SECURITY UPDATE: arbitrary code execution from additional data row via
    malformed PNG image
    - pngpread.c: check for unexpected data after the last row.
    - patch backported from 1.2.44
    - CVE-2010-1205
  * SECURITY UPDATE: denial of service via memory leak from malformed sCAL
    chunks
    - pngrutil.c: properly free memory
    - patch backported from 1.2.44
    - CVE-2010-2249
 -- Marc Deslauriers <email address hidden>   Mon, 05 Jul 2010 13:09:25 -0400
Obsolete in jaunty-updates on 2013-02-28
Obsolete in jaunty-security on 2013-02-28
libpng (1.2.27-2ubuntu2.2) jaunty-security; urgency=low

  * SECURITY UPDATE: arbitrary code execution from additional data row via
    malformed PNG image
    - debian/patches/05-CVE-2010-1205.patch: check for unexpected data
      after the last row in pngpread.c.
    - CVE-2010-1205
  * SECURITY UPDATE: denial of service via memory leak from malformed sCAL
    chunks
    - debian/patches/06-CVE-2010-2249.patch: properly free memory in
      pngrutil.c.
    - CVE-2010-2249
 -- Marc Deslauriers <email address hidden>   Mon, 05 Jul 2010 13:00:03 -0400
Obsolete in karmic-updates on 2013-03-04
Obsolete in karmic-security on 2013-03-04
libpng (1.2.37-1ubuntu0.2) karmic-security; urgency=low

  * SECURITY UPDATE: arbitrary code execution from additional data row via
    malformed PNG image
    - debian/patches/03-CVE-2010-1205.patch: check for unexpected data
      after the last row in pngpread.c.
    - CVE-2010-1205
  * SECURITY UPDATE: denial of service via memory leak from malformed sCAL
    chunks
    - debian/patches/04-CVE-2010-2249.patch: properly free memory in
      pngrutil.c.
    - CVE-2010-2249
 -- Marc Deslauriers <email address hidden>   Mon, 05 Jul 2010 11:44:13 -0400
Superseded in lucid-updates on 2011-07-26
Superseded in lucid-security on 2011-07-26
libpng (1.2.42-1ubuntu2.1) lucid-security; urgency=low

  * SECURITY UPDATE: arbitrary code execution from additional data row via
    malformed PNG image
    - debian/patches/03-CVE-2010-1205.patch: check for unexpected data
      after the last row in pngpread.c.
    - CVE-2010-1205
  * SECURITY UPDATE: denial of service via memory leak from malformed sCAL
    chunks
    - debian/patches/04-CVE-2010-2249.patch: properly free memory in
      pngrutil.c.
    - CVE-2010-2249
 -- Marc Deslauriers <email address hidden>   Mon, 05 Jul 2010 11:27:57 -0400
Superseded in natty-release on 2011-01-22
Obsolete in maverick-release on 2013-03-05
libpng (1.2.44-1) unstable; urgency=low

  * New upstream release
    Stop memory leak when reading a malformed sCAL chunk
 -- Michael Bienia <email address hidden>   Sat, 26 Jun 2010 13:32:43 +1000

Superseded in maverick-release on 2010-06-29
libpng (1.2.43-1) unstable; urgency=high

  * New upstream release 
  * Fix CVE-2010-0205 and Cert VU#576029
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0205
    https://www.kb.cert.org/vuls/id/576029
    Do not stall and consume large quantities of memory while processing
    certain Portable Network Graphics (PNG) files
    Closes: 572308

Superseded in maverick-release on 2010-06-14
Published in lucid-release on 2010-03-19
libpng (1.2.42-1ubuntu2) lucid; urgency=low

  * SECURITY UPDATE: denial of service via decompression bomb (LP: #533140)
    - debian/patches/02-CVE-2010-0205.patch: use new two-pass decompression
      method in pngrutil.c.
    - CVE-2010-0205
 -- Marc Deslauriers <email address hidden>   Thu, 11 Mar 2010 14:22:24 -0500
Superseded in dapper-updates on 2010-07-08
Superseded in dapper-security on 2010-07-08
libpng (1.2.8rel-5ubuntu0.5) dapper-security; urgency=low

  * SECURITY UPDATE: denial of service via decompression bomb (LP: #533140)
    - pngrutil.c: use new two-pass decompression method backported from
      1.2.43
    - CVE-2010-0205
  * SECURITY UPDATE: information disclosure via 1-bit interlaced images
    - pngrutil.c: initialize memory if interlaced
    - CVE-2009-2042
 -- Marc Deslauriers <email address hidden>   Mon, 15 Mar 2010 11:11:53 -0400
Superseded in hardy-updates on 2010-07-08
Superseded in hardy-security on 2010-07-08
libpng (1.2.15~beta5-3ubuntu0.2) hardy-security; urgency=low

  * SECURITY UPDATE: denial of service via decompression bomb (LP: #533140)
    - pngrutil.c: use new two-pass decompression method backported from
      1.2.43
    - CVE-2010-0205
  * SECURITY UPDATE: information disclosure via 1-bit interlaced images
    - pngrutil.c: initialize memory if interlaced
    - CVE-2009-2042
 -- Marc Deslauriers <email address hidden>   Mon, 15 Mar 2010 11:10:10 -0400
Obsolete in intrepid-updates on 2013-02-20
Obsolete in intrepid-security on 2013-02-20
libpng (1.2.27-1ubuntu0.2) intrepid-security; urgency=low

  * SECURITY UPDATE: denial of service via decompression bomb (LP: #533140)
    - debian/patches/03-CVE-2010-0205.patch: use new two-pass decompression
      method in pngrutil.c.
    - CVE-2010-0205
  * SECURITY UPDATE: information disclosure via 1-bit interlaced images
    - debian/patches/04-CVE-2009-2042.patch: initialize memory in
      pngrutil.c.
    - CVE-2009-2042
 -- Marc Deslauriers <email address hidden>   Mon, 15 Mar 2010 11:04:48 -0400
Superseded in jaunty-updates on 2010-07-08
Superseded in jaunty-security on 2010-07-08
libpng (1.2.27-2ubuntu2.1) jaunty-security; urgency=low

  * SECURITY UPDATE: denial of service via decompression bomb (LP: #533140)
    - debian/patches/03-CVE-2010-0205.patch: use new two-pass decompression
      method in pngrutil.c.
    - CVE-2010-0205
  * SECURITY UPDATE: information disclosure via 1-bit interlaced images
    - debian/patches/04-CVE-2009-2042.patch: initialize memory in
      pngrutil.c.
    - CVE-2009-2042
 -- Marc Deslauriers <email address hidden>   Mon, 15 Mar 2010 11:00:47 -0400
Superseded in karmic-updates on 2010-07-08
Superseded in karmic-security on 2010-07-08
libpng (1.2.37-1ubuntu0.1) karmic-security; urgency=low

  * SECURITY UPDATE: denial of service via decompression bomb (LP: #533140)
    - debian/patches/02-CVE-2010-0205.patch: use new two-pass decompression
      method in pngrutil.c.
    - CVE-2010-0205
 -- Marc Deslauriers <email address hidden>   Fri, 12 Mar 2010 10:53:26 -0500
Superseded in lucid-release on 2010-03-19
libpng (1.2.42-1ubuntu1) lucid; urgency=low

  * Merge from Debian testing.  Remaining changes:
    - Move libpng from /usr/lib to /lib, so that plymouth is usable on
      systems with a separate /usr.

Superseded in lucid-release on 2010-01-28
libpng (1.2.41-1ubuntu1) lucid; urgency=low

  * Move libpng from /usr/lib to /lib, so that plymouth is usable on systems
    with a separate /usr.
 -- Steve Langasek <email address hidden>   Mon, 25 Jan 2010 00:18:15 -0800

Superseded in lucid-release on 2010-01-25
libpng (1.2.41-1) unstable; urgency=low

  * New upstream release
  * Debian source format is 3.0 (quilt)
  * Update debian/watch
  * Add 02-export-png_set_strip_error_numbers.patch
    Define PNG_ERROR_NUMBERS_SUPPORTED
    Upstream doesn't define PNG_ERROR_NUMBERS_SUPPORTED since 1.2.41. As
    a consequence, the symbol png_set_strip_error_numbe@@PNG12_0 wasn't
    exported.
 -- Ubuntu Archive Auto-Sync <email address hidden>   Fri,  18 Dec 2009 17:42:49 +0000

Superseded in lucid-release on 2009-12-18
libpng (1.2.40-1) unstable; urgency=low

  * New upstream release 

Superseded in lucid-release on 2009-11-05
Obsolete in karmic-release on 2013-03-04
libpng (1.2.37-1) unstable; urgency=low

  * New upstream release 

 -- Ubuntu Archive Auto-Sync <email address hidden>   Thu,  04 Jun 2009 19:17:04 +0100

Superseded in karmic-release on 2009-06-04
libpng (1.2.36-1) unstable; urgency=low

  * New upstream release 
  * Standards-Version is 3.8.1
  * debhelper compat is 7
  * Run dh_prep instead of dh_clean -k

 -- Ubuntu Archive Auto-Sync <email address hidden>   Mon,  01 Jun 2009 10:43:55 +0100

Superseded in karmic-release on 2009-06-01
libpng (1.2.35-1) unstable; urgency=high

  * New upstream release
    - http://secunia.com/advisories/33970/
      Fix a vulnerability reported by Tavis Ormandy in which
      some arrays of pointers are not initialized prior to using
      "malloc" to define the pointers.
      Closes: #516256
    - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5907
      The png_check_keyword function in pngwutil.c in libpng, might
      allow context-dependent attackers to set the value of an
      arbitrary memory location to zero via vectors involving
      creation of crafted PNG files with keywords, related to an
      implicit cast of the '\0' character constant to a NULL pointer.
  * Don't build libpng3 when binary-indep target is not called.
    Closes: #486415

Superseded in karmic-release on 2009-05-14
Obsolete in jaunty-release on 2013-02-28
libpng (1.2.27-2ubuntu2) jaunty; urgency=low

  * SECURITY UPDATE: denial of service and possible execution of arbitrary
    code via crafted image (LP: #338027)
    - debian/patches/02-CVE-2009-0040.diff: initialize pointers in pngread.c,
      pngrtans.c, pngset.c and example.c
    - CVE-2009-0040
  * SECURITY UPDATE: denial of service via incorrect memory assignment
    (LP: #324258)
    - debian/patches/02-CVE-2008-5907.diff: update pngwutil.c to properly set
      new_key to NULL string
    - CVE-2008-5907

 -- Jamie Strandboge <email address hidden>   Thu, 05 Mar 2009 14:15:45 -0600
Superseded in dapper-updates on 2010-03-16
Superseded in dapper-security on 2010-03-16
libpng (1.2.8rel-5ubuntu0.4) dapper-security; urgency=low

  * SECURITY UPDATE: denial of service and possible execution of arbitrary
    code via crafted image (LP: #338027)
    - patch applied inline: initialize pointers in pngread.c, pngrtans.c,
      pngset.c and example.c
    - CVE-2009-0040
  * SECURITY UPDATE: denial of service and possible execution of arbitrary
    code via crafted image (LP: #217128)
    - patch applied inline: initialize "unknown" chunks in pngpread.c,
      pngrutil.c and pngset.c
    - CVE-2008-1382
  * SECURITY UPDATE: denial of service via off-by-one error
    - patch applied inline: shorten tIME_string to 29 bytes in pngtest.c
    - CVE-2008-3964
  * SECURITY UPDATE: denial of service via incorrect memory assignment
    (LP: #324258)
    - patch applied inline: update pngwutil.c to properly set new_key to NULL
      string
    - CVE-2008-5907

 -- Jamie Strandboge <email address hidden>   Thu, 05 Mar 2009 08:01:06 -0600
Obsolete in gutsy-updates on 2011-09-16
Obsolete in gutsy-security on 2011-09-16
libpng (1.2.15~beta5-2ubuntu0.2) gutsy-security; urgency=low

  * SECURITY UPDATE: denial of service and possible execution of arbitrary
    code via crafted image (LP: #338027)
    - initialize pointers in pngread.c, pngrtans.c, pngset.c and example.c
    - CVE-2009-0040
  * SECURITY UPDATE: denial of service and possible execution of arbitrary
    code via crafted image (LP: #217128)
    - initialize "unknown" chunks in pngpread.c, pngrutil.c and pngset.c
    - CVE-2008-1382
  * SECURITY UPDATE: denial of service via off-by-one error
    - shorten tIME_string to 29 bytes in pngtest.c
    - CVE-2008-3964
  * SECURITY UPDATE: denial of service via incorrect memory assignment
    (LP: #324258)
    - update pngwutil.c to properly set new_key to NULL string
    - CVE-2008-5907

 -- Jamie Strandboge <email address hidden>   Thu, 05 Mar 2009 07:55:49 -0600
Superseded in hardy-updates on 2010-03-16
Superseded in hardy-security on 2010-03-16
libpng (1.2.15~beta5-3ubuntu0.1) hardy-security; urgency=low

  * SECURITY UPDATE: denial of service and possible execution of arbitrary
    code via crafted image (LP: #338027)
    - initialize pointers in pngread.c, pngrtans.c, pngset.c and example.c
    - CVE-2009-0040
  * SECURITY UPDATE: denial of service and possible execution of arbitrary
    code via crafted image (LP: #217128)
    - initialize "unknown" chunks in pngpread.c, pngrutil.c and pngset.c
    - CVE-2008-1382
  * SECURITY UPDATE: denial of service via off-by-one error
    - shorten tIME_string to 29 bytes in pngtest.c
    - CVE-2008-3964
  * SECURITY UPDATE: denial of service via incorrect memory assignment
    (LP: #324258)
    - update pngwutil.c to properly set new_key to NULL string
    - CVE-2008-5907
  * SECURITY UPDATE: denial of service via a crafted PNG image
    - fix for pngset.c to properly check palette size in png_set_hIST
    - CVE-2007-5268
  * SECURITY UPDATE: denial of service via a crafted PNG image
    - fix for pngpread.c and pngrutil.c to properly do bounds checking on read
      operations. Previous version only had a partial fix.
    - CVE-2007-5269

 -- Jamie Strandboge <email address hidden>   Thu, 05 Mar 2009 06:39:46 -0600
Superseded in intrepid-updates on 2010-03-16
Superseded in intrepid-security on 2010-03-16
libpng (1.2.27-1ubuntu0.1) intrepid-security; urgency=low

  * SECURITY UPDATE: denial of service and possible execution of arbitrary
    code via crafted image (LP: #338027)
    - debian/patches/02-CVE-2009-0040.diff: initialize pointers in pngread.c,
      pngrtans.c, pngset.c and example.c
    - CVE-2009-0040
  * SECURITY UPDATE: denial of service via off-by-one error
    - debian/patches/02-CVE-2008-3964.diff: shorten tIME_string to 29 bytes in
      pngtest.c
    - CVE-2008-3964
  * SECURITY UPDATE: denial of service via incorrect memory assignment
    (LP: #324258)
    - debian/patches/02-CVE-2008-5907.diff: update pngwutil.c to properly set
      new_key to NULL string
    - CVE-2008-5907
  * debian/rules: Work around missing definition of ECHO. Backported from
    1.2.27-2ubuntu1

 -- Jamie Strandboge <email address hidden>   Thu, 05 Mar 2009 07:37:05 -0600
Superseded in jaunty-release on 2009-03-06
libpng (1.2.27-2ubuntu1) jaunty; urgency=low

  * debian/rules: Work around missing definition of ECHO.

 -- Matthias Klose <email address hidden>   Sun, 16 Nov 2008 11:43:54 +0100

Superseded in jaunty-release on 2008-11-16
libpng (1.2.27-2) unstable; urgency=medium

  * Fix CVE-2008-3964: off-by-one error in pngtest.c; closes: #501109 
  * Standards-Version is 3.8.0

 -- Ubuntu Archive Auto-Sync <email address hidden>   Tue,  04 Nov 2008 21:33:25 +0000

Superseded in jaunty-release on 2008-11-05
Obsolete in intrepid-release on 2013-02-20
libpng (1.2.27-1) unstable; urgency=low

  * New upstream release
  * Patches merged upstream:
    debian/patches/02-476669-CVE-2008-1382.diff
    debian/patches/03-404514-png.5.diff
  * Run ./autogen.sh

Superseded in dapper-updates on 2009-03-06
Superseded in dapper-security on 2009-03-06
libpng (1.2.8rel-5ubuntu0.3) dapper-security; urgency=low

  * SECURITY UPDATE: denial of service via a crafted PNG image
  * fix for pngpread.c and pngrutil.c to properly do bounds checking on read
    operations
  * References
    CVE-2007-5269

 -- Jamie Strandboge <email address hidden>   Wed, 24 Oct 2007 15:32:56 -0400
Obsolete in edgy-updates on 2008-06-19
Obsolete in edgy-security on 2008-06-19
libpng (1.2.8rel-5.1ubuntu0.3) edgy-security; urgency=low

  * SECURITY UPDATE: denial of service via a crafted PNG image
  * fix for pngpread.c and pngrutil.c to properly do bounds checking on read
    operations
  * References
    CVE-2007-5269

 -- Jamie Strandboge <email address hidden>   Wed, 24 Oct 2007 15:27:44 -0400
Superseded in gutsy-updates on 2009-03-06
Superseded in gutsy-security on 2009-03-06
libpng (1.2.15~beta5-2ubuntu0.1) gutsy-security; urgency=low

  * SECURITY UPDATE: denial of service via a crafted PNG image
  * fix for pngpread.c and pngrutil.c to properly do bounds checking on read
    operations
  * SECURITY UPDATE: denial of service via a crafted PNG image
  * fix for pngset.c to properly check palette size in png_set_hIST
  * References
    CVE-2007-5269
    CVE-2007-5268
  * Modify Maintainer value to match the DebianMaintainerField
    specification.

 -- Jamie Strandboge <email address hidden>   Wed, 24 Oct 2007 19:30:06 +0000
Obsolete in feisty-updates on 2009-08-20
Obsolete in feisty-security on 2009-08-20
libpng (1.2.15~beta5-1ubuntu1.1) feisty-security; urgency=low

  * SECURITY UPDATE: denial of service via a crafted PNG image
  * fix for pngpread.c and pngrutil.c to properly do bounds checking on read
    operations
  * SECURITY UPDATE: denial of service via a crafted PNG image
  * fix for pngset.c to properly check palette size in png_set_hIST
  * References
    CVE-2007-5269
    CVE-2007-5268

 -- Jamie Strandboge <email address hidden>   Mon, 15 Oct 2007 09:27:22 -0400
Superseded in intrepid-release on 2008-05-03
Published in hardy-release on 2007-10-23
libpng (1.2.15~beta5-3) unstable; urgency=high

  * ACKed NMU. 
  * Fixed out-of-bounds read operations triggered by crafted
    png image files (CVE-2007-5269) (Closes: #446308).

Superseded in hardy-release on 2007-10-23
Obsolete in gutsy-release on 2011-09-16
libpng (1.2.15~beta5-2build1) gutsy; urgency=low

  * Trigger rebuild for hppa

 -- LaMont Jones <email address hidden>   Thu, 04 Oct 2007 20:23:02 -0600
Superseded in dapper-updates on 2007-11-17
Superseded in dapper-security on 2007-10-25
libpng (1.2.8rel-5ubuntu0.2) dapper-security; urgency=low

  * SECURITY UPDATE: denial of service via crafted CRC.
  * pngrutil.c: upstream fixes applied inline.
  * References
    CVE-2007-2445

 -- Kees Cook <email address hidden>   Mon, 11 Jun 2007 12:20:59 -0700
Superseded in edgy-updates on 2007-11-17
Superseded in edgy-security on 2007-10-25
libpng (1.2.8rel-5.1ubuntu0.2) edgy-security; urgency=low

  * SECURITY UPDATE: denial of service via crafted CRC.
  * pngrutil.c: upstream fixes applied inline.
  * References
    CVE-2007-2445

 -- Kees Cook <email address hidden>   Mon, 11 Jun 2007 12:20:59 -0700
Superseded in feisty-updates on 2007-11-17
Superseded in feisty-security on 2007-10-25
libpng (1.2.15~beta5-1ubuntu1) feisty-security; urgency=low

  * SECURITY UPDATE: denial of service via crafted CRC.
  * pngrutil.c: upstream fixes applied inline.
  * References
    CVE-2007-2445

 -- Kees Cook <email address hidden>   Mon, 11 Jun 2007 12:20:59 -0700
Superseded in gutsy-release on 2007-10-05
libpng (1.2.15~beta5-2) unstable; urgency=high

  * It seems that a grayscale image with a malformed (bad CRC) tRNS
    chunk will crash libpng and mozilla. Closes: #424729.
    - CVE-2007-2445
      http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2007-2445
    - CERT Vulnerability Note VU#684664
      http://www.kb.cert.org/vuls/id/684664

 -- Ubuntu Archive Auto-Sync <email address hidden>   Fri,  18 May 2007 09:36:23 +0100
Superseded in gutsy-release on 2007-05-18
Obsolete in feisty-release on 2009-08-20
libpng (1.2.15~beta5-1) unstable; urgency=low

  * Applied legacy_symbols.patch.
  * Changed shlibs dependency versions to ">= 1.2.13-4".
  * libpng12-0: Added the following conflicts: mzscheme (<= 1:209-5),
    pngcrush (<= 1.5.10-2), pngmeta (<= 1.11-3), qemacs (<= 0.3.1-5),
    povray-3.5 (<= 3.5.0c-10).

 -- Ubuntu Archive Auto-Sync <email address hidden>   Wed,  20 Dec 2006 12:59:06 +0000
Superseded in feisty-release on 2006-12-20
libpng (1.2.15~beta5-0) unstable; urgency=high

  * New upstream release.
    - Fixed asm API functions not exported on amd64. Closes: #401044.
    - Fixed "libpng hangs when saving profile". Closes: #401423.
  * Fixed "Incorrect shlibs information". Closes: #401465.
  * Removed patches for png.h and pngconf.h.
  * Updated debian/watch.

 -- Ubuntu Archive Auto-Sync <email address hidden>   Tue,  12 Dec 2006 10:58:30 +0000
Superseded in feisty-release on 2006-12-12
libpng (1.2.13-4) unstable; urgency=low

  * Removed drop_pass_width patch. Closes: #399499.
