“libpng” 1.2.49-1ubuntu1 source package in The Quantal Quetzal

Publishing history

PUBLISHED: Quantal pocket Release in component main and section libs
  • Published on 2012-05-24



libpng (1.2.49-1ubuntu1) quantal; urgency=low

  * Merge from Debian unstable. Remaining changes:
    - Revert to gzip compression for libpng12-0's data tarball. Packages in
      the base system may not use bzip2.

libpng (1.2.49-1) unstable; urgency=high

  * New upstream version 1.2.49
    - Fix CVE-2011-3048 (memory corruption flaw)
      Closes: 667475
    - Don't crash with electric fence memory debugger
      Closes: 668082
  * Merged upstream: 02-665208-CVE-2012-3045.patch

libpng (1.2.47-2) unstable; urgency=high

  * Fix Buffer overflow
    Fix CVE-2012-3045
    Add 02-665208-CVE-2012-3045.patch
    Closes: 665208
  * Standards Version is 3.9.3

libpng (1.2.47-1) unstable; urgency=low

  * New upstream version 1.2.47

    The purpose of this release is to fix the dangerous CVE-2011-3026.
    The libpng patch is different from the one that was distributed
    earlier by Chromium, in that the libpng user limit feature is not
    crippled by the patch.

    Remove 02-660026-CVE-2011-3026.patch

libpng (1.2.46-5) unstable; urgency=high

  * Check for both truncation (64-bit platforms) and integer overflow
    Fix CVE-2011-3026
    Add 02-660026-CVE-2011-3026.patch
    Closes: 660026

libpng (1.2.46-4) unstable; urgency=low

  * Update debian/rules.
    Enabled hardened build flags. (Closes: #654149)
 -- Marc Deslauriers <email address hidden>   Thu, 24 May 2012 10:13:23 -0400