Ubuntu
libpng package

Change logs for libpng source package in Oneiric

  1. Oneiric (11.10)
  2. Change log 
  • libpng (1.2.46-3ubuntu1.3) oneiric-security; urgency=low

  * SECURITY UPDATE: denial of service and possible code execution via
    memory corruption issue.
    - debian/patches/CVE-2011-3048.patch: correctly restore to previous
      condition in pngset.c.
    - CVE-2011-3048
 -- Marc Deslauriers <email address hidden>   Thu, 05 Apr 2012 08:27:19 -0400
  • libpng (1.2.46-3ubuntu1.2) oneiric-security; urgency=low

  * SECURITY UPDATE: denial of service and possible code execution via
    incorrect type.
    - debian/patches/CVE-2011-3045.patch: use correct type, properly handle
      odd chunk lengths, fix off-by-one in pngrutil.c.
    - CVE-2011-3045
 -- Marc Deslauriers <email address hidden>   Wed, 21 Mar 2012 13:20:13 -0400
  • libpng (1.2.46-3ubuntu1.1) oneiric-security; urgency=low

  * SECURITY UPDATE: fix integer overflow / truncation
    - debian/patches/CVE-2011-3026.patch: adjust pngrutil.c to verify size
      when allocating memory in png_decompress_chunk()
    - CVE-2011-3026
 -- Jamie Strandboge <email address hidden>   Wed, 15 Feb 2012 21:10:29 -0600
  • libpng (1.2.46-3ubuntu1) oneiric; urgency=low

  * Revert to gzip compression for libpng12-0's data tarball.  Packages in
    the base system may not use bzip2.
 -- Colin Watson <email address hidden>   Wed, 10 Aug 2011 21:25:16 +0100
  • libpng (1.2.46-3) unstable; urgency=low

  * libpng12-0-udeb: Don't use bzip2 compression
    Closes: 634865

libpng (1.2.46-2) unstable; urgency=low

  [ Steve Langasek ]
  * Build for multiarch.  Requires converting libpng3 from Arch: all to
    Arch: any. Closes: 634151
  * Drop debian/libpng12-0-udeb.dirs, which just adds a pointless empty
    directory to the udeb.

  [ Anibal Monsalve Salazar ]
  * Fix doc-base file
    Closes: 633944, 633957, 634120
  * Pass "-Zbzip2 -z9" to dpkg-deb

libpng (1.2.46-1) unstable; urgency=high

  * New upstream release (Closes: #633871).
    - Fix CVE: CVE-2011-2690
      Buffer overwrite in png_rgb_to_gray
    - CVE: CVE-2011-2691
      Crash in png_default_error due to use of NULL Pointer
    - CVE: CVE-2011-2692
      Memory corruption when handling empty sCAL chunks
    - Update patches/01-legacy.patch
    - Remove patches/02-632786-CVE-2011-2501.patch. Applied to upstream.

libpng (1.2.44-3) unstable; urgency=high

  * Fix 1-byte uninitialized memory reference in png_format_buffer()
    Fix CVE-2011-2501
    Add debian/patches/02-632786-CVE-2011-2501.patch
    Closes: 632786
  * Standards version is 3.9.2
  * Fix xc-package-type-in-debian-control
  * Fix debian-rules-missing-recommended-target
 -- Marc Deslauriers <email address hidden>   Wed,  10 Aug 2011 11:47:25 +0000
  • libpng (1.2.44-2ubuntu1) oneiric; urgency=low

  * Merge from Debian unstable, remaining changes:
    - Build for multiarch.  Requires converting libpng3 from Arch: all to
      Arch: any.
    - Drop debian/libpng12-0-udeb.dirs, which just adds a pointless empty
      directory to the udeb.
  * debian/libpng3.links: do not create gratuitous soname-versioned symlinks
    in /lib.  We only need one copy of this symlink on the path, under
    /usr/lib.

libpng (1.2.44-2) unstable; urgency=low

  * debian/libpng3.links: fix up the compat symlink to point to /lib
    Patch by Steve Langasek
    Closes: #579074, LP: #284325
 -- Steve Langasek <email address hidden>   Tue, 17 May 2011 02:12:46 -0700
  • libpng (1.2.44-1ubuntu3) natty; urgency=low

  * Build for multiarch.  Requires converting libpng3 from Arch: all to
    Arch: any.
  * Drop debian/libpng12-0-udeb.dirs, which just adds a pointless empty
    directory to the udeb.
 -- Steve Langasek <email address hidden>   Sat, 19 Mar 2011 17:51:38 -0700