Change log for libpng package in Ubuntu

1 → 75 of 104 results
Published in precise-updates
Published in precise-security
libpng (1.2.46-3ubuntu4.3) precise-security; urgency=medium

  * SECURITY UPDATE: Null pointer dereference
    - debian/patches/CVE-2016-10087.patch: fix in png.c.
    - CVE-2016-10087

 -- <email address hidden> (Leonidas S. Barbosa)  Tue, 10 Jul 2018 16:56:50 -0300
Published in xenial-updates
Published in xenial-security
libpng (1.2.54-1ubuntu1.1) xenial-security; urgency=medium

  * SECURITY UPDATE: Null pointer dereference
    - debian/patches/CVE-2016-10087.patch: fix in png.c.
    - CVE-2016-10087

 -- <email address hidden> (Leonidas S. Barbosa)  Tue, 10 Jul 2018 16:59:38 -0300
Published in trusty-updates
Published in trusty-security
libpng (1.2.50-1ubuntu2.14.04.3) trusty-security; urgency=medium

  * SECURITY UPDATE: Null pointer dereference
    - debian/patches/CVE-2016-10087.patch: fix in png.c.
    - CVE-2016-10087

 -- <email address hidden> (Leonidas S. Barbosa)  Tue, 10 Jul 2018 16:58:16 -0300
Deleted in yakkety-release (Reason: RoQA; superseded by libpng1.6; Debian bug #822318; LP: #1...)
Superseded in yakkety-release
Superseded in yakkety-release
Superseded in yakkety-release
Deleted in yakkety-proposed (Reason: moved to release)
libpng (1.2.54-6ubuntu1) yakkety; urgency=medium

  * Merge with Debian; remaining changes:
    - debian/patches/CVE-2015-8472.patch: check lengths in pngrutil.c,
      properly use info_ptr in pngset.c.
    - CVE-2015-8472
    - debian/patches/CVE-2015-8540.patch: check key_len in pngwutil.c.
    - CVE-2015-8540

Superseded in yakkety-proposed
libpng (1.2.54-1ubuntu2) yakkety; urgency=medium

  * No-change rebuild for libpng soname change.

 -- Matthias Klose <email address hidden>  Fri, 22 Apr 2016 23:51:01 +0000

Superseded in yakkety-release
Published in xenial-release
Deleted in xenial-proposed (Reason: moved to release)
libpng (1.2.54-1ubuntu1) xenial; urgency=medium

  * SECURITY UPDATE: overflows in png_handle_zTXt(), png_handle_sPLT(),
    png_handle_pCAL(), and png_set_PLTE()
    - debian/patches/CVE-2015-8472.patch: check lengths in pngrutil.c,
      properly use info_ptr in pngset.c.
    - CVE-2015-8472
  * SECURITY UPDATE: out-of-range read in png_check_keyword()
    - debian/patches/CVE-2015-8540.patch: check key_len in pngwutil.c.
    - CVE-2015-8540

 -- Marc Deslauriers <email address hidden>  Wed, 06 Jan 2016 12:39:08 -0500
Obsolete in wily-updates
Obsolete in wily-security
libpng (1.2.51-0ubuntu3.15.10.2) wily-security; urgency=medium

  * SECURITY UPDATE: overflows in png_handle_zTXt(), png_handle_sPLT(),
    png_handle_pCAL(), and png_set_PLTE()
    - debian/patches/CVE-2015-8472.patch: check lengths in pngrutil.c,
      properly use info_ptr in pngset.c.
    - CVE-2015-8472
  * SECURITY UPDATE: out-of-range read in png_check_keyword()
    - debian/patches/CVE-2015-8540.patch: check key_len in pngwutil.c.
    - CVE-2015-8540

 -- Marc Deslauriers <email address hidden>  Fri, 18 Dec 2015 09:49:01 -0500
Obsolete in vivid-updates
Obsolete in vivid-security
libpng (1.2.51-0ubuntu3.15.04.2) vivid-security; urgency=medium

  * SECURITY UPDATE: overflows in png_handle_zTXt(), png_handle_sPLT(),
    png_handle_pCAL(), and png_set_PLTE()
    - debian/patches/CVE-2015-8472.patch: check lengths in pngrutil.c,
      properly use info_ptr in pngset.c.
    - CVE-2015-8472
  * SECURITY UPDATE: out-of-range read in png_check_keyword()
    - debian/patches/CVE-2015-8540.patch: check key_len in pngwutil.c.
    - CVE-2015-8540

 -- Marc Deslauriers <email address hidden>  Fri, 18 Dec 2015 09:53:37 -0500
Superseded in trusty-updates
Superseded in trusty-security
libpng (1.2.50-1ubuntu2.14.04.2) trusty-security; urgency=medium

  * SECURITY UPDATE: overflows in png_handle_zTXt(), png_handle_sPLT(),
    png_handle_pCAL(), and png_set_PLTE()
    - debian/patches/CVE-2015-8472.patch: check lengths in pngrutil.c,
      properly use info_ptr in pngset.c.
    - CVE-2015-8472
  * SECURITY UPDATE: out-of-range read in png_check_keyword()
    - debian/patches/CVE-2015-8540.patch: check key_len in pngwutil.c.
    - CVE-2015-8540

 -- Marc Deslauriers <email address hidden>  Fri, 18 Dec 2015 09:54:17 -0500
Superseded in precise-updates
Superseded in precise-security
libpng (1.2.46-3ubuntu4.2) precise-security; urgency=medium

  * SECURITY UPDATE: overflows in png_handle_zTXt(), png_handle_sPLT(),
    png_handle_pCAL(), and png_set_PLTE()
    - debian/patches/CVE-2015-8472.patch: check lengths in pngrutil.c,
      properly use info_ptr in pngset.c.
    - CVE-2015-8472
  * SECURITY UPDATE: out-of-range read in png_check_keyword()
    - debian/patches/CVE-2015-8540.patch: check key_len in pngwutil.c.
    - CVE-2015-8540

 -- Marc Deslauriers <email address hidden>  Fri, 18 Dec 2015 09:54:56 -0500
Superseded in precise-updates
Superseded in precise-security
libpng (1.2.46-3ubuntu4.1) precise-security; urgency=medium

  [ Andrew Starr-Bochicchio ]
  * SECURITY UPDATE: Multiple buffer overflows in the (1) png_set_PLTE
    and (2) png_get_PLTE (LP: #1516592).
    - debian/patches/CVE-2015-8126.diff: Prevent writing over-length
      PLTE chunk and silently truncate over-length PLTE chunk while reading.
      Backported from upstream patch.
    - CVE-2015-8126

  [ Marc Deslauriers ]
  * SECURITY UPDATE: out of bounds read in png_set_tIME
    - debian/patches/CVE-2015-7981.patch: check bounds in png.c and
      pngset.c.
    - CVE-2015-7981
  * SECURITY UPDATE: out of bounds read in png_push_read_zTXt
    - debian/patches/CVE-2012-3425.patch: check for truncated chunk in
      pngpread.c.
    - CVE-2012-3425

 -- Marc Deslauriers <email address hidden>  Thu, 19 Nov 2015 08:05:59 -0500
Superseded in vivid-updates
Superseded in vivid-security
libpng (1.2.51-0ubuntu3.15.04.1) vivid-security; urgency=medium

  [ Andrew Starr-Bochicchio ]
  * SECURITY UPDATE: Multiple buffer overflows in the (1) png_set_PLTE
    and (2) png_get_PLTE (LP: #1516592).
    - debian/patches/CVE-2015-8126.diff: Prevent writing over-length
      PLTE chunk and silently truncate over-length PLTE chunk while reading.
      Backported from upstream patch.
    - CVE-2015-8126

  [ Marc Deslauriers ]
  * SECURITY UPDATE: out of bounds read in png_set_tIME
    - debian/patches/CVE-2015-7981.patch: check bounds in png.c and
      pngset.c.
    - CVE-2015-7981

 -- Marc Deslauriers <email address hidden>  Thu, 19 Nov 2015 07:59:38 -0500
Superseded in wily-updates
Superseded in wily-security
libpng (1.2.51-0ubuntu3.15.10.1) wily-security; urgency=medium

  [ Andrew Starr-Bochicchio ]
  * SECURITY UPDATE: Multiple buffer overflows in the (1) png_set_PLTE
    and (2) png_get_PLTE (LP: #1516592).
    - debian/patches/CVE-2015-8126.diff: Prevent writing over-length
      PLTE chunk and silently truncate over-length PLTE chunk while reading.
      Backported from upstream patch.
    - CVE-2015-8126

  [ Marc Deslauriers ]
  * SECURITY UPDATE: out of bounds read in png_set_tIME
    - debian/patches/CVE-2015-7981.patch: check bounds in png.c and
      pngset.c.
    - CVE-2015-7981

 -- Marc Deslauriers <email address hidden>  Thu, 19 Nov 2015 07:56:29 -0500
Superseded in trusty-updates
Superseded in trusty-security
libpng (1.2.50-1ubuntu2.14.04.1) trusty-security; urgency=medium

  [ Andrew Starr-Bochicchio ]
  * SECURITY UPDATE: Multiple buffer overflows in the (1) png_set_PLTE
    and (2) png_get_PLTE (LP: #1516592).
    - debian/patches/CVE-2015-8126.diff: Prevent writing over-length
      PLTE chunk and silently truncate over-length PLTE chunk while reading.
      Backported from upstream patch.
    - CVE-2015-8126

  [ Marc Deslauriers ]
  * SECURITY UPDATE: out of bounds read in png_set_tIME
    - debian/patches/CVE-2015-7981.patch: check bounds in png.c and
      pngset.c.
    - CVE-2015-7981

 -- Marc Deslauriers <email address hidden>  Thu, 19 Nov 2015 08:02:50 -0500
Superseded in xenial-release
Deleted in xenial-proposed (Reason: moved to release)
libpng (1.2.54-1) unstable; urgency=medium

  * New upstream release. (Closes: #803078, #805113)
  * Remove patches/02-required-space.patch.
    Already applied in upstream.
  * Bumped standards version to 3.9.6.

 -- Nobuhiro Iwamatsu <email address hidden>  Wed, 18 Nov 2015 11:00:42 +0900
Superseded in xenial-release
Obsolete in wily-release
Obsolete in vivid-release
Obsolete in utopic-release
Deleted in utopic-proposed (Reason: moved to release)
libpng (1.2.51-0ubuntu3) utopic; urgency=medium

  * No-change rebuild to get debug symbols on all architectures.
 -- Brian Murray <email address hidden>   Tue, 21 Oct 2014 11:29:36 -0700

Superseded in utopic-release
Deleted in utopic-proposed (Reason: moved to release)
libpng (1.2.51-0ubuntu2) utopic; urgency=medium

  * New upstream version.
  * Build using dh_autoreconf.
 -- Matthias Klose <email address hidden>   Fri, 25 Jul 2014 14:04:48 +0200
Superseded in utopic-proposed
libpng (1.2.51-0ubuntu1) utopic; urgency=medium

  * New upstream version.
 -- Matthias Klose <email address hidden>   Fri, 25 Jul 2014 14:04:48 +0200

Superseded in utopic-release
Deleted in utopic-proposed (Reason: moved to release)
libpng (1.2.50-1ubuntu3) utopic; urgency=medium

  * Make the -dev package Multi-Arch: same. Closes: #689092.
  * Don't hard-code the libdir in libpng-config, and error out when
    using the libpng-config --libdir option.
 -- Matthias Klose <email address hidden>   Thu, 19 Jun 2014 11:20:33 +0200
Superseded in utopic-release
Published in trusty-release
Deleted in trusty-proposed (Reason: moved to release)
libpng (1.2.50-1ubuntu2) trusty; urgency=medium

  * Add debian/patches/02-required-space.patch, thanks to Dan Kegel for the
    patch. (LP: #1298779)
 -- Brian Murray <email address hidden>   Mon, 31 Mar 2014 14:20:51 -0700

Superseded in trusty-release
Deleted in trusty-proposed (Reason: moved to release)
libpng (1.2.50-1ubuntu1) trusty; urgency=medium

  * Merge from Debian testing. Remaining changes:
    - Revert to gzip compression for libpng12-0's data tarball. Packages in
      the base system may not use bzip2.
  * Drop our autopkgtest changes, debian has those now

Superseded in trusty-release
Deleted in trusty-proposed (Reason: moved to release)
libpng (1.2.49-5ubuntu1) trusty; urgency=low

  * Merge from Debian testing. Remaining changes:
    - Revert to gzip compression for libpng12-0's data tarball. Packages in
      the base system may not use bzip2.
    - Add debian/tests: Simple compile/link/run autopkgtest

Superseded in trusty-release
Obsolete in saucy-release
Deleted in saucy-proposed (Reason: moved to release)
libpng (1.2.49-4ubuntu1) saucy; urgency=low

  * Merge from Debian unstable. Remaining changes:
    - Revert to gzip compression for libpng12-0's data tarball. Packages in
      the base system may not use bzip2.
    - Add debian/tests: Simple compile/link/run autopkgtest

Superseded in saucy-release
Obsolete in raring-release
Deleted in raring-proposed (Reason: moved to release)
libpng (1.2.49-1ubuntu2) raring; urgency=low

  * Add debian/tests: Simple compile/link/run autopkgtest. (LP: #1073538)
 -- Rafal Cieslak <email address hidden>   Wed, 31 Oct 2012 16:43:53 +0100
Superseded in raring-release
Obsolete in quantal-release
libpng (1.2.49-1ubuntu1) quantal; urgency=low

  * Merge from Debian unstable. Remaining changes:
    - Revert to gzip compression for libpng12-0's data tarball. Packages in
      the base system may not use bzip2.

Superseded in quantal-release
Published in precise-release
libpng (1.2.46-3ubuntu4) precise; urgency=low

  * SECURITY UPDATE: denial of service and possible code execution via
    memory corruption issue.
    - debian/patches/CVE-2011-3048.patch: correctly restore to previous
      condition in pngset.c.
    - CVE-2011-3048
 -- Marc Deslauriers <email address hidden>   Thu, 05 Apr 2012 08:21:56 -0400

Obsolete in lucid-updates
Obsolete in lucid-security
libpng (1.2.42-1ubuntu2.5) lucid-security; urgency=low

  * SECURITY UPDATE: denial of service and possible code execution via
    memory corruption issue.
    - debian/patches/CVE-2011-3048.patch: correctly restore to previous
      condition in pngset.c.
    - CVE-2011-3048
 -- Marc Deslauriers <email address hidden>   Thu, 05 Apr 2012 08:43:48 -0400
Obsolete in hardy-updates
Obsolete in hardy-security
libpng (1.2.15~beta5-3ubuntu0.7) hardy-security; urgency=low

  * SECURITY UPDATE: denial of service and possible code execution via
    memory corruption issue.
    - pngset.c: correctly restore to previous condition.
    - Patch from Debian's 1.2.44-1+squeeze4 update
    - CVE-2011-3048
 -- Marc Deslauriers <email address hidden>   Thu, 05 Apr 2012 08:47:42 -0400
Obsolete in maverick-updates
Obsolete in maverick-security
libpng (1.2.44-1ubuntu0.4) maverick-security; urgency=low

  * SECURITY UPDATE: denial of service and possible code execution via
    memory corruption issue.
    - debian/patches/CVE-2011-3048.patch: correctly restore to previous
      condition in pngset.c.
    - CVE-2011-3048
 -- Marc Deslauriers <email address hidden>   Thu, 05 Apr 2012 08:41:07 -0400
Obsolete in natty-updates
Obsolete in natty-security
libpng (1.2.44-1ubuntu3.4) natty-security; urgency=low

  * SECURITY UPDATE: denial of service and possible code execution via
    memory corruption issue.
    - debian/patches/CVE-2011-3048.patch: correctly restore to previous
      condition in pngset.c.
    - CVE-2011-3048
 -- Marc Deslauriers <email address hidden>   Thu, 05 Apr 2012 08:40:00 -0400
Obsolete in oneiric-updates
Obsolete in oneiric-security
libpng (1.2.46-3ubuntu1.3) oneiric-security; urgency=low

  * SECURITY UPDATE: denial of service and possible code execution via
    memory corruption issue.
    - debian/patches/CVE-2011-3048.patch: correctly restore to previous
      condition in pngset.c.
    - CVE-2011-3048
 -- Marc Deslauriers <email address hidden>   Thu, 05 Apr 2012 08:27:19 -0400
Superseded in precise-release
libpng (1.2.46-3ubuntu3) precise; urgency=low

  * SECURITY UPDATE: denial of service and possible code execution via
    incorrect type.
    - debian/patches/CVE-2011-3045.patch: use correct type, properly handle
      odd chunk lengths, fix off-by-one in pngrutil.c.
    - CVE-2011-3045
 -- Marc Deslauriers <email address hidden>   Wed, 21 Mar 2012 13:16:18 -0400
Superseded in hardy-updates
Superseded in hardy-security
libpng (1.2.15~beta5-3ubuntu0.6) hardy-security; urgency=low

  * SECURITY UPDATE: denial of service and possible code execution via
    incorrect type.
    - pngrutil.c: use correct type, properly handle odd chunk lengths, fix
      off-by-one.
    - http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=commit;h=13f12476543c4ada693b4cb474039d5cf3389ed1
    - http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=commit;h=a8c319a2b281af68f7ca0e2f9a28ca57b44ceb2b
    - CVE-2011-3045
 -- Marc Deslauriers <email address hidden>   Wed, 21 Mar 2012 13:41:22 -0400
Superseded in maverick-updates
Superseded in maverick-security
libpng (1.2.44-1ubuntu0.3) maverick-security; urgency=low

  * SECURITY UPDATE: denial of service and possible code execution via
    incorrect type.
    - debian/patches/06-CVE-2011-3045.patch: use correct type, properly
      handle odd chunk lengths, fix off-by-one in pngrutil.c.
    - CVE-2011-3045
 -- Marc Deslauriers <email address hidden>   Wed, 21 Mar 2012 13:34:30 -0400
Superseded in lucid-updates
Superseded in lucid-security
libpng (1.2.42-1ubuntu2.4) lucid-security; urgency=low

  * SECURITY UPDATE: denial of service and possible code execution via
    incorrect type.
    - debian/patches/09-CVE-2011-3045.patch: use correct type, properly
      handle odd chunk lengths, fix off-by-one in pngrutil.c.
    - CVE-2011-3045
 -- Marc Deslauriers <email address hidden>   Wed, 21 Mar 2012 13:38:15 -0400
Superseded in natty-updates
Superseded in natty-security
libpng (1.2.44-1ubuntu3.3) natty-security; urgency=low

  * SECURITY UPDATE: denial of service and possible code execution via
    incorrect type.
    - debian/patches/06-CVE-2011-3045.patch: use correct type, properly
      handle odd chunk lengths, fix off-by-one in pngrutil.c.
    - CVE-2011-3045
 -- Marc Deslauriers <email address hidden>   Wed, 21 Mar 2012 13:21:56 -0400
Superseded in oneiric-updates
Superseded in oneiric-security
libpng (1.2.46-3ubuntu1.2) oneiric-security; urgency=low

  * SECURITY UPDATE: denial of service and possible code execution via
    incorrect type.
    - debian/patches/CVE-2011-3045.patch: use correct type, properly handle
      odd chunk lengths, fix off-by-one in pngrutil.c.
    - CVE-2011-3045
 -- Marc Deslauriers <email address hidden>   Wed, 21 Mar 2012 13:20:13 -0400
Superseded in precise-release
libpng (1.2.46-3ubuntu2) precise; urgency=low

  * SECURITY UPDATE: fix integer overflow / truncation
    - debian/patches/CVE-2011-3026.patch: adjust pngrutil.c to verify size
      when allocating memory in png_decompress_chunk()
    - CVE-2011-3026
 -- Jamie Strandboge <email address hidden>   Wed, 15 Feb 2012 21:10:29 -0600

Superseded in oneiric-updates
Superseded in oneiric-security
libpng (1.2.46-3ubuntu1.1) oneiric-security; urgency=low

  * SECURITY UPDATE: fix integer overflow / truncation
    - debian/patches/CVE-2011-3026.patch: adjust pngrutil.c to verify size
      when allocating memory in png_decompress_chunk()
    - CVE-2011-3026
 -- Jamie Strandboge <email address hidden>   Wed, 15 Feb 2012 21:10:29 -0600
Superseded in natty-updates
Superseded in natty-security
libpng (1.2.44-1ubuntu3.2) natty-security; urgency=low

  * SECURITY UPDATE: fix integer overflow / truncation
    - debian/patches/05-CVE-2011-3026.patch: adjust pngrutil.c to verify size
      when allocating memory in png_decompress_chunk()
    - CVE-2011-3026
 -- Jamie Strandboge <email address hidden>   Wed, 15 Feb 2012 21:16:54 -0600
Superseded in maverick-updates
Superseded in maverick-security
libpng (1.2.44-1ubuntu0.2) maverick-security; urgency=low

  * SECURITY UPDATE: fix integer overflow / truncation
    - debian/patches/05-CVE-2011-3026.patch: adjust pngrutil.c to verify size
      when allocating memory in png_decompress_chunk()
    - CVE-2011-3026
 -- Jamie Strandboge <email address hidden>   Wed, 15 Feb 2012 21:18:29 -0600
Superseded in lucid-updates
Superseded in lucid-security
libpng (1.2.42-1ubuntu2.3) lucid-security; urgency=low

  * SECURITY UPDATE: fix integer overflow / truncation
    - debian/patches/08-CVE-2011-3026.patch: adjust pngrutil.c to verify size
      when allocating memory in png_decompress_chunk()
    - CVE-2011-3026
 -- Jamie Strandboge <email address hidden>   Wed, 15 Feb 2012 21:22:27 -0600
Superseded in hardy-updates
Superseded in hardy-security
libpng (1.2.15~beta5-3ubuntu0.5) hardy-security; urgency=low

  * SECURITY UPDATE: fix integer overflow / truncation
    - adjust pngrutil.c to verify size when allocating memory in
      png_decompress_chunk()
    - http://src.chromium.org/viewvc/chrome/branches/963/src/third_party/libpng/pngrutil.c?view=patch&r1=121492&r2=121491&pathrev=121492
    - CVE-2011-3026
  * SECURITY UPDATE: Reject attempt to write iCCP chunk with negative embedded
    profile length
    - adjust pngwutil.c to verify that embedded_profile_len is not negative in
      png_write_iCCP()
    - http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=commitdiff;h=9e88fcd58c8ce7f2183bc2045e5180cba0043f09#patch19
    - CVE-2009-5063
 -- Jamie Strandboge <email address hidden>   Wed, 15 Feb 2012 21:23:54 -0600
Superseded in precise-release
Obsolete in oneiric-release
libpng (1.2.46-3ubuntu1) oneiric; urgency=low

  * Revert to gzip compression for libpng12-0's data tarball.  Packages in
    the base system may not use bzip2.
 -- Colin Watson <email address hidden>   Wed, 10 Aug 2011 21:25:16 +0100

Superseded in oneiric-release
libpng (1.2.46-3) unstable; urgency=low

  * libpng12-0-udeb: Don't use bzip2 compression
    Closes: 634865

Superseded in natty-updates
Superseded in natty-security
libpng (1.2.44-1ubuntu3.1) natty-security; urgency=low

  * SECURITY UPDATE: denial of service via error message data
    - debian/patches/02-CVE-2011-2501.patch: correctly calculate length in
      pngerror.c.
    - CVE-2011-2501
  * SECURITY UPDATE: denial of service and possible arbitrary code
    execution via crafted PNG image
    - debian/patches/03-CVE-2011-2690.patch: validate coefficients in
      pngrtran.c.
    - CVE-2011-2690
  * SECURITY UPDATE: denial of service and possible arbitrary code
    execution via invalid sCAL chunks
    - debian/patches/04-CVE-2011-2692.patch: check sCAL chunk length in
      pngrutil.c.
    - CVE-2011-2692
 -- Marc Deslauriers <email address hidden>   Tue, 26 Jul 2011 08:29:58 -0400
Superseded in maverick-updates
Superseded in maverick-security
libpng (1.2.44-1ubuntu0.1) maverick-security; urgency=low

  * SECURITY UPDATE: denial of service via error message data
    - debian/patches/02-CVE-2011-2501.patch: correctly calculate length in
      pngerror.c.
    - CVE-2011-2501
  * SECURITY UPDATE: denial of service and possible arbitrary code
    execution via crafted PNG image
    - debian/patches/03-CVE-2011-2690.patch: validate coefficients in
      pngrtran.c.
    - CVE-2011-2690
  * SECURITY UPDATE: denial of service and possible arbitrary code
    execution via invalid sCAL chunks
    - debian/patches/04-CVE-2011-2692.patch: check sCAL chunk length in
      pngrutil.c.
    - CVE-2011-2692
 -- Marc Deslauriers <email address hidden>   Tue, 26 Jul 2011 08:31:17 -0400
Superseded in lucid-updates
Superseded in lucid-security
libpng (1.2.42-1ubuntu2.2) lucid-security; urgency=low

  * SECURITY UPDATE: denial of service via error message data
    - debian/patches/05-CVE-2011-2501.patch: correctly calculate length in
      pngerror.c.
    - CVE-2011-2501
  * SECURITY UPDATE: denial of service and possible arbitrary code
    execution via crafted PNG image
    - debian/patches/06-CVE-2011-2690.patch: validate coefficients in
      pngrtran.c.
    - CVE-2011-2690
  * SECURITY UPDATE: denial of service and possible arbitrary code
    execution via invalid sCAL chunks
    - debian/patches/07-CVE-2011-2692.patch: check sCAL chunk length in
      pngrutil.c.
    - CVE-2011-2692
 -- Marc Deslauriers <email address hidden>   Tue, 26 Jul 2011 08:41:48 -0400
Superseded in hardy-updates
Superseded in hardy-security
libpng (1.2.15~beta5-3ubuntu0.4) hardy-security; urgency=low

  * SECURITY UPDATE: denial of service and possible arbitrary code
    execution via crafted PNG image
    - pngrtran.c: validate coefficients.
    - http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=commit;h=d572394c2a018ef22e9685ac189f5f05c08ea6f5
    - CVE-2011-2690
  * SECURITY UPDATE: denial of service and possible arbitrary code
    execution via invalid sCAL chunks
    - pngrutil.c: check sCAL chunk length.
    - http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=commit;h=61a2d8a2a7b03023e63eae9a3e64607aaaa6d339
    - CVE-2011-2692
 -- Marc Deslauriers <email address hidden>   Tue, 26 Jul 2011 08:57:37 -0400
Superseded in oneiric-release
libpng (1.2.44-2ubuntu1) oneiric; urgency=low

  * Merge from Debian unstable, remaining changes:
    - Build for multiarch.  Requires converting libpng3 from Arch: all to
      Arch: any.
    - Drop debian/libpng12-0-udeb.dirs, which just adds a pointless empty
      directory to the udeb.
  * debian/libpng3.links: do not create gratuitous soname-versioned symlinks
    in /lib.  We only need one copy of this symlink on the path, under
    /usr/lib.

Superseded in oneiric-release
Obsolete in natty-release
libpng (1.2.44-1ubuntu3) natty; urgency=low

  * Build for multiarch.  Requires converting libpng3 from Arch: all to
    Arch: any.
  * Drop debian/libpng12-0-udeb.dirs, which just adds a pointless empty
    directory to the udeb.
 -- Steve Langasek <email address hidden>   Sat, 19 Mar 2011 17:51:38 -0700
Superseded in natty-release
libpng (1.2.44-1ubuntu2) natty; urgency=low

  * Really fix debian/libpng3.links; the symlink goes in /usr/lib and the
    target in /lib, not the other way around.
 -- Steve Langasek <email address hidden>   Sun, 27 Feb 2011 11:21:08 -0800

Superseded in natty-release
libpng (1.2.44-1ubuntu1) natty; urgency=low

  * debian/libpng3.links: fix up the compat symlink to point to /lib.
    Closes: #579074, LP: #284325.
 -- Steve Langasek <email address hidden>   Sat, 22 Jan 2011 13:21:17 -0800

Obsolete in dapper-updates
Obsolete in dapper-security
libpng (1.2.8rel-5ubuntu0.6) dapper-security; urgency=low

  * SECURITY UPDATE: arbitrary code execution from additional data row via
    malformed PNG image
    - pngpread.c: check for unexpected data after the last row.
    - patch backported from 1.2.44
    - CVE-2010-1205
  * SECURITY UPDATE: denial of service via memory leak from malformed sCAL
    chunks
    - pngrutil.c: properly free memory
    - patch backported from 1.2.44
    - CVE-2010-2249
 -- Marc Deslauriers <email address hidden>   Mon, 05 Jul 2010 13:19:22 -0400
Superseded in hardy-updates
Superseded in hardy-security
libpng (1.2.15~beta5-3ubuntu0.3) hardy-security; urgency=low

  * SECURITY UPDATE: arbitrary code execution from additional data row via
    malformed PNG image
    - pngpread.c: check for unexpected data after the last row.
    - patch backported from 1.2.44
    - CVE-2010-1205
  * SECURITY UPDATE: denial of service via memory leak from malformed sCAL
    chunks
    - pngrutil.c: properly free memory
    - patch backported from 1.2.44
    - CVE-2010-2249
 -- Marc Deslauriers <email address hidden>   Mon, 05 Jul 2010 13:09:25 -0400
Obsolete in jaunty-updates
Obsolete in jaunty-security
libpng (1.2.27-2ubuntu2.2) jaunty-security; urgency=low

  * SECURITY UPDATE: arbitrary code execution from additional data row via
    malformed PNG image
    - debian/patches/05-CVE-2010-1205.patch: check for unexpected data
      after the last row in pngpread.c.
    - CVE-2010-1205
  * SECURITY UPDATE: denial of service via memory leak from malformed sCAL
    chunks
    - debian/patches/06-CVE-2010-2249.patch: properly free memory in
      pngrutil.c.
    - CVE-2010-2249
 -- Marc Deslauriers <email address hidden>   Mon, 05 Jul 2010 13:00:03 -0400
Obsolete in karmic-updates
Obsolete in karmic-security
libpng (1.2.37-1ubuntu0.2) karmic-security; urgency=low

  * SECURITY UPDATE: arbitrary code execution from additional data row via
    malformed PNG image
    - debian/patches/03-CVE-2010-1205.patch: check for unexpected data
      after the last row in pngpread.c.
    - CVE-2010-1205
  * SECURITY UPDATE: denial of service via memory leak from malformed sCAL
    chunks
    - debian/patches/04-CVE-2010-2249.patch: properly free memory in
      pngrutil.c.
    - CVE-2010-2249
 -- Marc Deslauriers <email address hidden>   Mon, 05 Jul 2010 11:44:13 -0400
Superseded in lucid-updates
Superseded in lucid-security
libpng (1.2.42-1ubuntu2.1) lucid-security; urgency=low

  * SECURITY UPDATE: arbitrary code execution from additional data row via
    malformed PNG image
    - debian/patches/03-CVE-2010-1205.patch: check for unexpected data
      after the last row in pngpread.c.
    - CVE-2010-1205
  * SECURITY UPDATE: denial of service via memory leak from malformed sCAL
    chunks
    - debian/patches/04-CVE-2010-2249.patch: properly free memory in
      pngrutil.c.
    - CVE-2010-2249
 -- Marc Deslauriers <email address hidden>   Mon, 05 Jul 2010 11:27:57 -0400
Superseded in natty-release
Obsolete in maverick-release
libpng (1.2.44-1) unstable; urgency=low

  * New upstream release
    Stop memory leak when reading a malformed sCAL chunk
 -- Michael Bienia <email address hidden>   Sat, 26 Jun 2010 13:32:43 +1000

Superseded in maverick-release
libpng (1.2.43-1) unstable; urgency=high

  * New upstream release 
  * Fix CVE-2010-0205 and Cert VU#576029
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0205
    https://www.kb.cert.org/vuls/id/576029
    Do not stall and consume large quantities of memory while processing
    certain Portable Network Graphics (PNG) files
    Closes: 572308

Superseded in maverick-release
Obsolete in lucid-release
libpng (1.2.42-1ubuntu2) lucid; urgency=low

  * SECURITY UPDATE: denial of service via decompression bomb (LP: #533140)
    - debian/patches/02-CVE-2010-0205.patch: use new two-pass decompression
      method in pngrutil.c.
    - CVE-2010-0205
 -- Marc Deslauriers <email address hidden>   Thu, 11 Mar 2010 14:22:24 -0500
Superseded in dapper-updates
Superseded in dapper-security
libpng (1.2.8rel-5ubuntu0.5) dapper-security; urgency=low

  * SECURITY UPDATE: denial of service via decompression bomb (LP: #533140)
    - pngrutil.c: use new two-pass decompression method backported from
      1.2.43
    - CVE-2010-0205
  * SECURITY UPDATE: information disclosure via 1-bit interlaced images
    - pngrutil.c: initialize memory if interlaced
    - CVE-2009-2042
 -- Marc Deslauriers <email address hidden>   Mon, 15 Mar 2010 11:11:53 -0400
Superseded in hardy-updates
Superseded in hardy-security
libpng (1.2.15~beta5-3ubuntu0.2) hardy-security; urgency=low

  * SECURITY UPDATE: denial of service via decompression bomb (LP: #533140)
    - pngrutil.c: use new two-pass decompression method backported from
      1.2.43
    - CVE-2010-0205
  * SECURITY UPDATE: information disclosure via 1-bit interlaced images
    - pngrutil.c: initialize memory if interlaced
    - CVE-2009-2042
 -- Marc Deslauriers <email address hidden>   Mon, 15 Mar 2010 11:10:10 -0400
Obsolete in intrepid-updates
Obsolete in intrepid-security
libpng (1.2.27-1ubuntu0.2) intrepid-security; urgency=low

  * SECURITY UPDATE: denial of service via decompression bomb (LP: #533140)
    - debian/patches/03-CVE-2010-0205.patch: use new two-pass decompression
      method in pngrutil.c.
    - CVE-2010-0205
  * SECURITY UPDATE: information disclosure via 1-bit interlaced images
    - debian/patches/04-CVE-2009-2042.patch: initialize memory in
      pngrutil.c.
    - CVE-2009-2042
 -- Marc Deslauriers <email address hidden>   Mon, 15 Mar 2010 11:04:48 -0400
Superseded in jaunty-updates
Superseded in jaunty-security
libpng (1.2.27-2ubuntu2.1) jaunty-security; urgency=low

  * SECURITY UPDATE: denial of service via decompression bomb (LP: #533140)
    - debian/patches/03-CVE-2010-0205.patch: use new two-pass decompression
      method in pngrutil.c.
    - CVE-2010-0205
  * SECURITY UPDATE: information disclosure via 1-bit interlaced images
    - debian/patches/04-CVE-2009-2042.patch: initialize memory in
      pngrutil.c.
    - CVE-2009-2042
 -- Marc Deslauriers <email address hidden>   Mon, 15 Mar 2010 11:00:47 -0400
Superseded in karmic-updates
Superseded in karmic-security
libpng (1.2.37-1ubuntu0.1) karmic-security; urgency=low

  * SECURITY UPDATE: denial of service via decompression bomb (LP: #533140)
    - debian/patches/02-CVE-2010-0205.patch: use new two-pass decompression
      method in pngrutil.c.
    - CVE-2010-0205
 -- Marc Deslauriers <email address hidden>   Fri, 12 Mar 2010 10:53:26 -0500
Superseded in lucid-release
libpng (1.2.42-1ubuntu1) lucid; urgency=low

  * Merge from Debian testing.  Remaining changes:
    - Move libpng from /usr/lib to /lib, so that plymouth is usable on
      systems with a separate /usr.

Superseded in lucid-release
libpng (1.2.41-1ubuntu1) lucid; urgency=low

  * Move libpng from /usr/lib to /lib, so that plymouth is usable on systems
    with a separate /usr.
 -- Steve Langasek <email address hidden>   Mon, 25 Jan 2010 00:18:15 -0800

Superseded in lucid-release
libpng (1.2.41-1) unstable; urgency=low

  * New upstream release
  * Debian source format is 3.0 (quilt)
  * Update debian/watch
  * Add 02-export-png_set_strip_error_numbers.patch
    Define PNG_ERROR_NUMBERS_SUPPORTED
    Upstream doesn't define PNG_ERROR_NUMBERS_SUPPORTED since 1.2.41. As
    a consequence, the symbol png_set_strip_error_numbe@@PNG12_0 wasn't
    exported.
 -- Ubuntu Archive Auto-Sync <email address hidden>   Fri,  18 Dec 2009 17:42:49 +0000

Superseded in lucid-release
libpng (1.2.40-1) unstable; urgency=low

  * New upstream release 

Superseded in lucid-release
Obsolete in karmic-release
libpng (1.2.37-1) unstable; urgency=low

  * New upstream release 

 -- Ubuntu Archive Auto-Sync <email address hidden>   Thu,  04 Jun 2009 19:17:04 +0100

Superseded in karmic-release
libpng (1.2.36-1) unstable; urgency=low

  * New upstream release 
  * Standards-Version is 3.8.1
  * debhelper compat is 7
  * Run dh_prep instead of dh_clean -k

 -- Ubuntu Archive Auto-Sync <email address hidden>   Mon,  01 Jun 2009 10:43:55 +0100

Superseded in karmic-release
libpng (1.2.35-1) unstable; urgency=high

  * New upstream release
    - http://secunia.com/advisories/33970/
      Fix a vulnerability reported by Tavis Ormandy in which
      some arrays of pointers are not initialized prior to using
      "malloc" to define the pointers.
      Closes: #516256
    - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5907
      The png_check_keyword function in pngwutil.c in libpng might
      allow context-dependent attackers to set the value of an
      arbitrary memory location to zero via vectors involving
      creation of crafted PNG files with keywords, related to an
      implicit cast of the '\0' character constant to a NULL pointer.
  * Don't build libpng3 when binary-indep target is not called.
    Closes: #486415

Superseded in karmic-release
Obsolete in jaunty-release
libpng (1.2.27-2ubuntu2) jaunty; urgency=low

  * SECURITY UPDATE: denial of service and possible execution of arbitrary
    code via crafted image (LP: #338027)
    - debian/patches/02-CVE-2009-0040.diff: initialize pointers in pngread.c,
      pngrtran.c, pngset.c and example.c
    - CVE-2009-0040
  * SECURITY UPDATE: denial of service via incorrect memory assignment
    (LP: #324258)
    - debian/patches/02-CVE-2008-5907.diff: update pngwutil.c to properly set
      new_key to NULL string
    - CVE-2008-5907

 -- Jamie Strandboge <email address hidden>   Thu, 05 Mar 2009 14:15:45 -0600
Superseded in dapper-updates
Superseded in dapper-security
libpng (1.2.8rel-5ubuntu0.4) dapper-security; urgency=low

  * SECURITY UPDATE: denial of service and possible execution of arbitrary
    code via crafted image (LP: #338027)
    - patch applied inline: initialize pointers in pngread.c, pngrtran.c,
      pngset.c and example.c
    - CVE-2009-0040
  * SECURITY UPDATE: denial of service and possible execution of arbitrary
    code via crafted image (LP: #217128)
    - patch applied inline: initialize "unknown" chunks in pngpread.c,
      pngrutil.c and pngset.c
    - CVE-2008-1382
  * SECURITY UPDATE: denial of service via off-by-one error
    - patch applied inline: shorten tIME_string to 29 bytes in pngtest.c
    - CVE-2008-3964
  * SECURITY UPDATE: denial of service via incorrect memory assignment
    (LP: #324258)
    - patch applied inline: update pngwutil.c to properly set new_key to NULL
      string
    - CVE-2008-5907

 -- Jamie Strandboge <email address hidden>   Thu, 05 Mar 2009 08:01:06 -0600