-
libpng (1.2.46-3ubuntu1.3) oneiric-security; urgency=low
* SECURITY UPDATE: denial of service and possible code execution via
memory corruption issue.
- debian/patches/CVE-2011-3048.patch: correctly restore to previous
condition in pngset.c.
- CVE-2011-3048
-- Marc Deslauriers <email address hidden> Thu, 05 Apr 2012 08:27:19 -0400
-
libpng (1.2.46-3ubuntu1.2) oneiric-security; urgency=low
* SECURITY UPDATE: denial of service and possible code execution via
incorrect type.
- debian/patches/CVE-2011-3045.patch: use correct type, properly handle
odd chunk lengths, fix off-by-one in pngrutil.c.
- CVE-2011-3045
-- Marc Deslauriers <email address hidden> Wed, 21 Mar 2012 13:20:13 -0400
-
libpng (1.2.46-3ubuntu1.1) oneiric-security; urgency=low
* SECURITY UPDATE: fix integer overflow / truncation
- debian/patches/CVE-2011-3026.patch: adjust pngrutil.c to verify size
when allocating memory in png_decompress_chunk()
- CVE-2011-3026
-- Jamie Strandboge <email address hidden> Wed, 15 Feb 2012 21:10:29 -0600
-
libpng (1.2.46-3ubuntu1) oneiric; urgency=low
* Revert to gzip compression for libpng12-0's data tarball. Packages in
the base system may not use bzip2.
-- Colin Watson <email address hidden> Wed, 10 Aug 2011 21:25:16 +0100
-
libpng (1.2.46-3) unstable; urgency=low
* libpng12-0-udeb: Don't use bzip2 compression
Closes: 634865
libpng (1.2.46-2) unstable; urgency=low
[ Steve Langasek ]
* Build for multiarch. Requires converting libpng3 from Arch: all to
Arch: any. Closes: 634151
* Drop debian/libpng12-0-udeb.dirs, which just adds a pointless empty
directory to the udeb.
[ Anibal Monsalve Salazar ]
* Fix doc-base file
Closes: 633944, 633957, 634120
* Pass "-Zbzip2 -z9" to dpkg-deb
libpng (1.2.46-1) unstable; urgency=high
* New upstream release (Closes: #633871).
- Fix CVE: CVE-2011-2690
Buffer overwrite in png_rgb_to_gray
- CVE: CVE-2011-2691
Crash in png_default_error due to use of NULL Pointer
- CVE: CVE-2011-2692
Memory corruption when handling empty sCAL chunks
- Update patches/01-legacy.patch
- Remove patches/02-632786-CVE-2011-2501.patch. Applied to upstream.
libpng (1.2.44-3) unstable; urgency=high
* Fix 1-byte uninitialized memory reference in png_format_buffer()
Fix CVE-2011-2501
Add debian/patches/02-632786-CVE-2011-2501.patch
Closes: 632786
* Standards version is 3.9.2
* Fix xc-package-type-in-debian-control
* Fix debian-rules-missing-recommended-target
-- Marc Deslauriers <email address hidden> Wed, 10 Aug 2011 11:47:25 +0000
-
libpng (1.2.44-2ubuntu1) oneiric; urgency=low
* Merge from Debian unstable, remaining changes:
- Build for multiarch. Requires converting libpng3 from Arch: all to
Arch: any.
- Drop debian/libpng12-0-udeb.dirs, which just adds a pointless empty
directory to the udeb.
* debian/libpng3.links: do not create gratuitous soname-versioned symlinks
in /lib. We only need one copy of this symlink on the path, under
/usr/lib.
libpng (1.2.44-2) unstable; urgency=low
* debian/libpng3.links: fix up the compat symlink to point to /lib
Patch by Steve Langasek
Closes: #579074, LP: #284325
-- Steve Langasek <email address hidden> Tue, 17 May 2011 02:12:46 -0700
-
libpng (1.2.44-1ubuntu3) natty; urgency=low
* Build for multiarch. Requires converting libpng3 from Arch: all to
Arch: any.
* Drop debian/libpng12-0-udeb.dirs, which just adds a pointless empty
directory to the udeb.
-- Steve Langasek <email address hidden> Sat, 19 Mar 2011 17:51:38 -0700