-
libpng (1.2.42-1ubuntu2.5) lucid-security; urgency=low
* SECURITY UPDATE: denial of service and possible code execution via
memory corruption issue.
- debian/patches/CVE-2011-3048.patch: correctly restore to previous
condition in pngset.c.
- CVE-2011-3048
-- Marc Deslauriers <email address hidden> Thu, 05 Apr 2012 08:43:48 -0400
-
libpng (1.2.42-1ubuntu2.4) lucid-security; urgency=low
* SECURITY UPDATE: denial of service and possible code execution via
incorrect type.
- debian/patches/09-CVE-2011-3045.patch: use correct type, properly
handle odd chunk lengths, fix off-by-one in pngrutil.c.
- CVE-2011-3045
-- Marc Deslauriers <email address hidden> Wed, 21 Mar 2012 13:38:15 -0400
-
libpng (1.2.42-1ubuntu2.3) lucid-security; urgency=low
* SECURITY UPDATE: fix integer overflow / truncation
- debian/patches/08-CVE-2011-3026.patch: adjust pngrutil.c to verify size
when allocating memory in png_decompress_chunk()
- CVE-2011-3026
-- Jamie Strandboge <email address hidden> Wed, 15 Feb 2012 21:22:27 -0600
-
libpng (1.2.42-1ubuntu2.2) lucid-security; urgency=low
* SECURITY UPDATE: denial of service via error message data
- debian/patches/05-CVE-2011-2501.patch: correctly calculate length in
pngerror.c.
- CVE-2011-2501
* SECURITY UPDATE: denial of service and possible arbitrary code
execution via crafted PNG image
- debian/patches/06-CVE-2011-2690.patch: validate coefficients in
pngrtran.c.
- CVE-2011-2690
* SECURITY UPDATE: denial of service and possible arbitrary code
execution via invalid sCAL chunks
- debian/patches/07-CVE-2011-2692.patch: check sCAL chunk length in
pngrutil.c.
- CVE-2011-2692
-- Marc Deslauriers <email address hidden> Tue, 26 Jul 2011 08:41:48 -0400
-
libpng (1.2.42-1ubuntu2.1) lucid-security; urgency=low
* SECURITY UPDATE: arbitrary code execution from additional data row via
malformed PNG image
- debian/patches/03-CVE-2010-1205.patch: check for unexpected data
after the last row in pngpread.c.
- CVE-2010-1205
* SECURITY UPDATE: denial of service via memory leak from malformed sCAL
chunks
- debian/patches/04-CVE-2010-2249.patch: properly free memory in
pngrutil.c.
- CVE-2010-2249
-- Marc Deslauriers <email address hidden> Mon, 05 Jul 2010 11:27:57 -0400
-
libpng (1.2.42-1ubuntu2) lucid; urgency=low
* SECURITY UPDATE: denial of service via decompression bomb (LP: #533140)
- debian/patches/02-CVE-2010-0205.patch: use new two-pass decompression
method in pngrutil.c.
- CVE-2010-0205
-- Marc Deslauriers <email address hidden> Thu, 11 Mar 2010 14:22:24 -0500
-
libpng (1.2.42-1ubuntu1) lucid; urgency=low
* Merge from Debian testing. Remaining changes:
- Move libpng from /usr/lib to /lib, so that plymouth is usable on
systems with a separate /usr.
libpng (1.2.42-1) unstable; urgency=low
* New upstream release
* Remove 02-export-png_set_strip_error_numbers.patch (merged)
* Fix debhelper-but-no-misc-depends
-- Steve Langasek <email address hidden> Thu, 28 Jan 2010 11:57:34 +0000
-
libpng (1.2.41-1ubuntu1) lucid; urgency=low
* Move libpng from /usr/lib to /lib, so that plymouth is usable on systems
with a separate /usr.
-- Steve Langasek <email address hidden> Mon, 25 Jan 2010 00:18:15 -0800
-
libpng (1.2.41-1) unstable; urgency=low
* New upstream release
* Debian source format is 3.0 (quilt)
* Update debian/watch
* Add 02-export-png_set_strip_error_numbers.patch
Define PNG_ERROR_NUMBERS_SUPPORTED
Upstream doesn't define PNG_ERROR_NUMBERS_SUPPORTED since 1.2.41. As
a consecuence, the symbol png_set_strip_error_numbe@@PNG12_0 wasn't
exported.
-- Ubuntu Archive Auto-Sync <email address hidden> Fri, 18 Dec 2009 17:42:49 +0000
-
libpng (1.2.40-1) unstable; urgency=low
* New upstream release
libpng (1.2.39-1) unstable; urgency=low
* New upstream release
* Fix out-of-date-standards-version
* Fix patch-system-but-no-source-readme
libpng (1.2.38-1) unstable; urgency=low
* New upstream release
* Fix out-of-date-standards-version
* Update upstream homepage
Closes: 536474
-- Ubuntu Archive Auto-Sync <email address hidden> Thu, 05 Nov 2009 10:36:55 +0000
-
libpng (1.2.37-1) unstable; urgency=low
* New upstream release
-- Ubuntu Archive Auto-Sync <email address hidden> Thu, 04 Jun 2009 19:17:04 +0100
