-
libpng (1.2.50-1ubuntu2.14.04.3) trusty-security; urgency=medium
* SECURITY UPDATE: Null pointer dereference
- debian/patches/CVE-2016-10087.patch: fix in png.c.
- CVE-2016-10087
-- <email address hidden> (Leonidas S. Barbosa) Tue, 10 Jul 2018 16:58:16 -0300
-
libpng (1.2.50-1ubuntu2.14.04.2) trusty-security; urgency=medium
* SECURITY UPDATE: overflows in png_handle_zTXt(), png_handle_sPLT(),
png_handle_pCAL(), and png_set_PLTE()
- debian/patches/CVE-2015-8472.patch: check lengths in pngrutil.c,
properly use info_ptr in pngset.c.
- CVE-2015-8472
* SECURITY UPDATE: out-of-range read in png_check_keyword()
- debian/patches/CVE-2015-8540.patch: check key_len in pngwutil.c.
- CVE-2015-8540
-- Marc Deslauriers <email address hidden> Fri, 18 Dec 2015 09:54:17 -0500
-
libpng (1.2.50-1ubuntu2.14.04.1) trusty-security; urgency=medium
[ Andrew Starr-Bochicchio ]
* SECURITY UPDATE: Multiple buffer overflows in the (1) png_set_PLTE
and (2) png_get_PLTE (LP: #1516592).
- debian/patches/CVE-2015-8126.diff: Prevent writing over-length
PLTE chunk and silently truncate over-length PLTE chunk while reading.
Backported from upstream patch.
- CVE-2015-8126
[ Marc Deslauriers ]
* SECURITY UPDATE: out of bounds read in png_set_tIME
- debian/patches/CVE-2015-7981.patch: check bounds in png.c and
pngset.c.
- CVE-2015-7981
-- Marc Deslauriers <email address hidden> Thu, 19 Nov 2015 08:02:50 -0500
-
libpng (1.2.50-1ubuntu2) trusty; urgency=medium
* Add debian/patches/02-required-space.patch, thanks to Dan Kegel for the
patch. (LP: #1298779)
-- Brian Murray <email address hidden> Mon, 31 Mar 2014 14:20:51 -0700
-
libpng (1.2.50-1ubuntu1) trusty; urgency=medium
* Merge from Debian testing. Remaining changes:
- Revert to gzip compression for libpng12-0's data tarball. Packages in
the base system may not use bzip2.
* Drop our autopkgtest changes, debian has those now
libpng (1.2.50-1) unstable; urgency=low
* New upstream release.
* Update Standards-Version to 3.9.5.
* Add support autopkgtest. (Closes: #693047)
Thanks Rafał Cieślak, Martin Pitt and Jakub Wilk.
-- Jackson Doak <email address hidden> Fri, 31 Jan 2014 06:41:50 +1100
-
libpng (1.2.49-5ubuntu1) trusty; urgency=low
* Merge from Debian testing. Remaining changes:
- Revert to gzip compression for libpng12-0's data tarball. Packages in
the base system may not use bzip2.
- Add debian/tests: Simple compile/link/run autopkgtest
libpng (1.2.49-5) unstable; urgency=low
[ Slávek Banko ]
* Ship /usr/lib/${DEB_HOST_MULTIARCH}/libpng12.so.0 symlink
in libpng12-0, instead of libpng12-dev. (Closes: #713270)
[ Anibal Monsalve Salazar ]
* Standards-Version: 3.9.4
* Fix Lintian issue:
- libpng source: brace-expansion-in-debhelper-config-file
debian/libpng12-dev.install
-- Jackson Doak <email address hidden> Tue, 22 Oct 2013 06:41:11 +1100
-
libpng (1.2.49-4ubuntu1) saucy; urgency=low
* Merge from Debian unstable. Remaining changes:
- Revert to gzip compression for libpng12-0's data tarball. Packages in
the base system may not use bzip2.
- Add debian/tests: Simple compile/link/run autopkgtest
libpng (1.2.49-4) unstable; urgency=low
[ Andreas Beckmann ]
* libpng12-dev: Ship /usr/lib/${DEB_HOST_MULTIARCH}/libpng12.so.0 ->
/lib/${DEB_HOST_MULTIARCH}/libpng12.so.0 symlink, too, to prevent ldconfig
from playing ping-pong with the SONAME link. (Closes: #706181)
libpng (1.2.49-3) unstable; urgency=low
* Remove patches/02-681408-CVE-2012-3386-Makefile.in.patch.
This patch is unnecessary. This issue is already fixed in automake.
libpng (1.2.49-2) unstable; urgency=high
* Change "a+w" to "u+w" in Makefile.in to fix CVE-2012-3386
Add 02-681408-CVE-2012-3386-Makefile.in.patch
Closes: #681408
-- Jackson Doak <email address hidden> Thu, 22 Aug 2013 16:05:43 +1000
