Change logs for libpng source package in Karmic

  • libpng (1.2.37-1ubuntu0.2) karmic-security; urgency=low
    
      * SECURITY UPDATE: arbitrary code execution from additional data row via
        malformed PNG image
        - debian/patches/03-CVE-2010-1205.patch: check for unexpected data
          after the last row in pngpread.c.
        - CVE-2010-1205
      * SECURITY UPDATE: denial of service via memory leak from malformed sCAL
        chunks
        - debian/patches/04-CVE-2010-2249.patch: properly free memory in
          pngrutil.c.
        - CVE-2010-2249
     -- Marc Deslauriers <email address hidden>   Mon, 05 Jul 2010 11:44:13 -0400
  • libpng (1.2.37-1ubuntu0.1) karmic-security; urgency=low
    
      * SECURITY UPDATE: denial of service via decompression bomb (LP: #533140)
        - debian/patches/02-CVE-2010-0205.patch: use new two-pass decompression
          method in pngrutil.c.
        - CVE-2010-0205
     -- Marc Deslauriers <email address hidden>   Fri, 12 Mar 2010 10:53:26 -0500
  • libpng (1.2.37-1) unstable; urgency=low
    
      * New upstream release 
    
     -- Ubuntu Archive Auto-Sync <email address hidden>   Thu, 04 Jun 2009 19:17:04 +0100
  • libpng (1.2.36-1) unstable; urgency=low
    
      * New upstream release 
      * Standards-Version is 3.8.1
      * debhelper compat is 7
      * Run dh_prep instead of dh_clean -k
    
     -- Ubuntu Archive Auto-Sync <email address hidden>   Mon, 01 Jun 2009 10:43:55 +0100
  • libpng (1.2.35-1) unstable; urgency=high
    
      * New upstream release
        - http://secunia.com/advisories/33970/
          Fix a vulnerability reported by Tavis Ormandy in which
          some arrays of pointers are not initialized prior to using
          "malloc" to define the pointers.
          Closes: #516256
        - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5907
          The png_check_keyword function in pngwutil.c in libpng might
          allow context-dependent attackers to set the value of an
          arbitrary memory location to zero via vectors involving
          creation of crafted PNG files with keywords, related to an
          implicit cast of the '\0' character constant to a NULL pointer.
      * Don't build libpng3 when binary-indep target is not called.
        Closes: #486415
    
    libpng (1.2.33-2) unstable; urgency=low
    
      * Fix the following lintian issues:
        W: libpng12-0: copyright-refers-to-versionless-license-file
           usr/share/common-licenses/GPL
    
    libpng (1.2.33-1) experimental; urgency=low
    
      * New upstream release 
        - Fix memory leak after reading a malformed tEXt chunk
    
    libpng (1.2.32-1) experimental; urgency=low
    
      * New upstream release
        - libpng.pc is configured to do static linking; closes: #483477
        - use autoconf variables in .pc and libpng-config; closes: #483478
      * Remove debian/patches/02-501109-pngtest.c.diff; it was merged
    
     -- Jamie Strandboge <email address hidden>   Thu, 14 May 2009 21:50:43 +0100
  • libpng (1.2.27-2ubuntu2) jaunty; urgency=low
    
      * SECURITY UPDATE: denial of service and possible execution of arbitrary
        code via crafted image (LP: #338027)
        - debian/patches/02-CVE-2009-0040.diff: initialize pointers in pngread.c,
          pngrtans.c, pngset.c and example.c
        - CVE-2009-0040
      * SECURITY UPDATE: denial of service via incorrect memory assignment
        (LP: #324258)
        - debian/patches/02-CVE-2008-5907.diff: update pngwutil.c to properly set
          new_key to NULL string
        - CVE-2008-5907
    
     -- Jamie Strandboge <email address hidden>   Thu, 05 Mar 2009 14:15:45 -0600