diff -Nru libpng1.6-1.6.34/debian/changelog libpng1.6-1.6.34/debian/changelog
--- libpng1.6-1.6.34/debian/changelog 2017-12-13 15:39:32.000000000 +0000
+++ libpng1.6-1.6.34/debian/changelog 2018-08-23 15:13:44.000000000 +0000
@@ -1,8 +1,23 @@
-libpng1.6 (1.6.34-1~ubuntu16.04.1~ppa1) xenial; urgency=medium
+libpng1.6 (1.6.34-2~ubuntu16.04.1~ppa1) xenial; urgency=medium
 * No-change backport to xenial
- -- Gianfranco Costamagna Wed, 13 Dec 2017 16:39:32 +0100
+ -- Gianfranco Costamagna Thu, 23 Aug 2018 17:13:44 +0200
+
+libpng1.6 (1.6.34-2) unstable; urgency=medium
+
+ [ Salvatore Bonaccorso ]
+ * debian/patches/8a05766cb74af05c04c53e6c9d60c13fc4d59bf2.patch:
+ Closes: #903430
+ CVE-2018-13785
+
+ [ Gianfranco Costamagna ]
+ * Upload to unstable
+ * Switch VCS fields to salsa.d.o
+ * Bump std-version to 4.1.5, no changes required
+ * Switch copyright in https mode
+
+ -- Gianfranco Costamagna Tue, 10 Jul 2018 13:17:30 +0200
 libpng1.6 (1.6.34-1) unstable; urgency=medium
diff -Nru libpng1.6-1.6.34/debian/control libpng1.6-1.6.34/debian/control
--- libpng1.6-1.6.34/debian/control 2017-09-29 06:41:24.000000000 +0000
+++ libpng1.6-1.6.34/debian/control 2018-07-10 11:16:57.000000000 +0000
@@ -6,9 +6,9 @@
 Gianfranco Costamagna ,
 Tobias Frost
 Build-Depends: debhelper (>= 10), zlib1g-dev, mawk
-Standards-Version: 4.1.1
-VCS-Git: https://anonscm.debian.org/git/collab-maint/libpng1.6.git
-VCS-Browser: https://anonscm.debian.org/cgit/collab-maint/libpng1.6.git
+Standards-Version: 4.1.5
+Vcs-Browser: https://salsa.debian.org/debian/libpng1.6
+Vcs-Git: https://salsa.debian.org/debian/libpng1.6.git
 Homepage: http://libpng.org/pub/png/libpng.html
 Package: libpng16-16
diff -Nru libpng1.6-1.6.34/debian/copyright libpng1.6-1.6.34/debian/copyright
--- libpng1.6-1.6.34/debian/copyright 2017-09-29 06:44:29.000000000 +0000
+++ libpng1.6-1.6.34/debian/copyright 2018-07-10 11:17:14.000000000 +0000
@@ -1,4 +1,4 @@
-Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
+Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
 Upstream-Name: libpng
 Source: http://www.libpng.org/pub/png/
diff -Nru libpng1.6-1.6.34/debian/patches/8a05766cb74af05c04c53e6c9d60c13fc4d59bf2.patch libpng1.6-1.6.34/debian/patches/8a05766cb74af05c04c53e6c9d60c13fc4d59bf2.patch
--- libpng1.6-1.6.34/debian/patches/8a05766cb74af05c04c53e6c9d60c13fc4d59bf2.patch 1970-01-01 00:00:00.000000000 +0000
+++ libpng1.6-1.6.34/debian/patches/8a05766cb74af05c04c53e6c9d60c13fc4d59bf2.patch 2018-07-10 11:17:30.000000000 +0000
@@ -0,0 +1,32 @@
+From 8a05766cb74af05c04c53e6c9d60c13fc4d59bf2 Mon Sep 17 00:00:00 2001
+From: Cosmin Truta
+Date: Sun, 17 Jun 2018 22:56:29 -0400
+Subject: [PATCH] [libpng16] Fix the calculation of row_factor in
+ png_check_chunk_length
+
+(Bug report by Thuan Pham, SourceForge issue #278)
+---
+ pngrutil.c | 9 ++++++---
+ 1 file changed, 6 insertions(+), 3 deletions(-)
+
+Index: libpng1.6/pngrutil.c
+===================================================================
+--- libpng1.6.orig/pngrutil.c
++++ libpng1.6/pngrutil.c
+@@ -3149,10 +3149,13 @@
+ {
+ png_alloc_size_t idat_limit = PNG_UINT_31_MAX;
+ size_t row_factor =
+- (png_ptr->width * png_ptr->channels * (png_ptr->bit_depth > 8? 2: 1)
+- + 1 + (png_ptr->interlaced? 6: 0));
++ (size_t)png_ptr->width
++ * (size_t)png_ptr->channels
++ * (png_ptr->bit_depth > 8? 2: 1)
++ + 1
++ + (png_ptr->interlaced? 6: 0);
+ if (png_ptr->height > PNG_UINT_32_MAX/row_factor)
+- idat_limit=PNG_UINT_31_MAX;
++ idat_limit = PNG_UINT_31_MAX;
+ else
+ idat_limit = png_ptr->height * row_factor;
+ row_factor = row_factor > 32566? 32566 : row_factor;
diff -Nru libpng1.6-1.6.34/debian/patches/series libpng1.6-1.6.34/debian/patches/series
--- libpng1.6-1.6.34/debian/patches/series 2017-09-29 06:40:30.000000000 +0000
+++ libpng1.6-1.6.34/debian/patches/series 2018-07-10 11:17:30.000000000 +0000
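Review bot: The `(size_t)` casts in the `row_factor` expression of the pngrutil.c hunk (carried in debian/patches/8a05766cb74af05c04c53e6c9d60c13fc4d59bf2.patch) only widen the multiplication where `size_t` is wider than 32 bits. On a target with a 32-bit `size_t` the product can presumably still wrap, and `row_factor` is used as a divisor on the very next line. Whether `width` is bounded tightly enough before this point is not visible here, so an explicit guard would keep the division defined on every architecture the package builds for: `if (row_factor == 0 || png_ptr->height > PNG_UINT_32_MAX/row_factor)`. Any later division by `row_factor` after the clamp to 32566 would need the same check. The enclosing function, png_check_chunk_length, starts and ends outside the hunk.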
@@ -1 +1,2 @@
 libpng-config.patch
+8a05766cb74af05c04c53e6c9d60c13fc4d59bf2.patch