Change log for libpng package in Ubuntu
76 → 104 of 104 results | First • Previous • Next • Last |
libpng (1.2.15~beta5-2ubuntu0.2) gutsy-security; urgency=low * SECURITY UPDATE: denial of service and possible execution of arbitrary code via crafted image (LP: #338027) - initialize pointers in pngread.c, pngrtans.c, pngset.c and example.c - CVE-2009-0040 * SECURITY UPDATE: denial of service and possible execution of arbitrary code via crafted image (LP: #217128) - initialize "unknown" chunks in pngpread.c, pngrutil.c and pngset.c - CVE-2008-1382 * SECURITY UPDATE: denial of service via off-by-one error - shorten tIME_string to 29 bytes in pngtest.c - CVE-2008-3964 * SECURITY UPDATE: denial of service via incorrect memory assignment (LP: #324258) - update pngwutil.c to properly set new_key to NULL string - CVE-2008-5907 -- Jamie Strandboge <email address hidden> Thu, 05 Mar 2009 07:55:49 -0600
Available diffs
libpng (1.2.15~beta5-3ubuntu0.1) hardy-security; urgency=low * SECURITY UPDATE: denial of service and possible execution of arbitrary code via crafted image (LP: #338027) - initialize pointers in pngread.c, pngrtans.c, pngset.c and example.c - CVE-2009-0040 * SECURITY UPDATE: denial of service and possible execution of arbitrary code via crafted image (LP: #217128) - initialize "unknown" chunks in pngpread.c, pngrutil.c and pngset.c - CVE-2008-1382 * SECURITY UPDATE: denial of service via off-by-one error - shorten tIME_string to 29 bytes in pngtest.c - CVE-2008-3964 * SECURITY UPDATE: denial of service via incorrect memory assignment (LP: #324258) - update pngwutil.c to properly set new_key to NULL string - CVE-2008-5907 * SECURITY UPDATE: denial of service via a crafted PNG image - fix for pngset.c to properly check palette size in png_set_hIST - CVE-2007-5268 * SECURITY UPDATE: denial of service via a crafted PNG image - fix for pngpread.c and pngrutil.c to properly do bounds checking on read operations. Previous version only had a partial fix. - CVE-2007-5269 -- Jamie Strandboge <email address hidden> Thu, 05 Mar 2009 06:39:46 -0600
Available diffs
libpng (1.2.27-1ubuntu0.1) intrepid-security; urgency=low * SECURITY UPDATE: denial of service and possible execution of arbitrary code via crafted image (LP: #338027) - debian/patches/02-CVE-2009-0040.diff: initialize pointers in pngread.c, pngrtans.c, pngset.c and example.c - CVE-2009-0040 * SECURITY UPDATE: denial of service via off-by-one error - debian/patches/02-CVE-2008-3964.diff: shorten tIME_string to 29 bytes in pngtest.c - CVE-2008-3964 * SECURITY UPDATE: denial of service via incorrect memory assignment (LP: #324258) - debian/patches/02-CVE-2008-5907.diff: update pngwutil.c to properly set new_key to NULL string - CVE-2008-5907 * debian/rules: Work around missing definition of ECHO. Backported from 1.2.27-2ubuntu1 -- Jamie Strandboge <email address hidden> Thu, 05 Mar 2009 07:37:05 -0600
Available diffs
Superseded in jaunty-release |
libpng (1.2.27-2ubuntu1) jaunty; urgency=low * debian/rules: Work around missing definition of ECHO. -- Matthias Klose <email address hidden> Sun, 16 Nov 2008 11:43:54 +0100
Available diffs
- diff from 1.2.27-2 to 1.2.27-2ubuntu1 (152.5 KiB)
libpng (1.2.27-2) unstable; urgency=medium * Fix CVE-2008-3964: off-by-one error in pngtest.c; closes: #501109 * Standards-Version is 3.8.0 -- Ubuntu Archive Auto-Sync <email address hidden> Tue, 04 Nov 2008 21:33:25 +0000
Available diffs
- diff from 1.2.27-1 to 1.2.27-2 (1.1 KiB)
libpng (1.2.27-1) unstable; urgency=low * New upstream release * Patches merged upstream: debian/patches/02-476669-CVE-2008-1382.diff debian/patches/03-404514-png.5.diff * Run ./autogen.sh
libpng (1.2.8rel-5ubuntu0.3) dapper-security; urgency=low * SECURITY UPDATE: denial of service via a crafted PNG image * fix for pngpread.c and pngrutil.c to properly do bounds checking on read operations * References CVE-2007-5269 -- Jamie Strandboge <email address hidden> Wed, 24 Oct 2007 15:32:56 -0400
libpng (1.2.8rel-5.1ubuntu0.3) edgy-security; urgency=low * SECURITY UPDATE: denial of service via a crafted PNG image * fix for pngpread.c and pngrutil.c to properly do bounds checking on read operations * References CVE-2007-5269 -- Jamie Strandboge <email address hidden> Wed, 24 Oct 2007 15:27:44 -0400
libpng (1.2.15~beta5-2ubuntu0.1) gutsy-security; urgency=low * SECURITY UPDATE: denial of service via a crafted PNG image * fix for pngpread.c and pngrutil.c to properly do bounds checking on read operations * SECURITY UPDATE: denial of service via a crafted PNG image * fix for pngset.c to properly check palette size in png_set_hIST * References CVE-2007-5269 CVE-2007-5268 * Modify Maintainer value to match the DebianMaintainerField specification. -- Jamie Strandboge <email address hidden> Wed, 24 Oct 2007 19:30:06 +0000
libpng (1.2.15~beta5-1ubuntu1.1) feisty-security; urgency=low * SECURITY UPDATE: denial of service via a crafted PNG image * fix for pngpread.c and pngrutil.c to properly do bounds checking on read operations * SECURITY UPDATE: denial of service via a crafted PNG image * fix for pngset.c to properly check palette size in png_set_hIST * References CVE-2007-5269 CVE-2007-5268 -- Jamie Strandboge <email address hidden> Mon, 15 Oct 2007 09:27:22 -0400
libpng (1.2.15~beta5-3) unstable; urgency=high * ACKed NMU. * Fixed out-of-bounds read operations triggered by crafted png image files (CVE-2007-5269) (Closes: #446308).
libpng (1.2.15~beta5-2build1) gutsy; urgency=low * Trigger rebuild for hppa -- LaMont Jones <email address hidden> Thu, 04 Oct 2007 20:23:02 -0600
libpng (1.2.8rel-5ubuntu0.2) dapper-security; urgency=low * SECURITY UPDATE: denial of service via crafted CRC. * pngrutil.c: upstream fixes applied inline. * References CVE-2007-2445 -- Kees Cook <email address hidden> Mon, 11 Jun 2007 12:20:59 -0700
libpng (1.2.8rel-5.1ubuntu0.2) edgy-security; urgency=low * SECURITY UPDATE: denial of service via crafted CRC. * pngrutil.c: upstream fixes applied inline. * References CVE-2007-2445 -- Kees Cook <email address hidden> Mon, 11 Jun 2007 12:20:59 -0700
libpng (1.2.15~beta5-1ubuntu1) feisty-security; urgency=low * SECURITY UPDATE: denial of service via crafted CRC. * pngrutil.c: upstream fixes applied inline. * References CVE-2007-2445 -- Kees Cook <email address hidden> Mon, 11 Jun 2007 12:20:59 -0700
Superseded in gutsy-release |
libpng (1.2.15~beta5-2) unstable; urgency=high * It seems that a grayscale image with a malformed (bad CRC) tRNS chunk will crash libpng and mozilla. Closes: #424729. - CVE-2007-2445 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2007-2445 - CERT Vulnerability Note VU#684664 http://www.kb.cert.org/vuls/id/684664 -- Ubuntu Archive Auto-Sync <email address hidden> Fri, 18 May 2007 09:36:23 +0100
libpng (1.2.15~beta5-1) unstable; urgency=low * Applied legacy_symbols.patch. * Changed shlibs dependecy versions to ">= 1.2.13-4". * libpng12-0: Added the following conflicts: mzscheme (<= 1:209-5), pngcrush (<= 1.5.10-2), pngmeta (<= 1.11-3), qemacs (<= 0.3.1-5), povray-3.5 (<= 3.5.0c-10). -- Ubuntu Archive Auto-Sync <email address hidden> Wed, 20 Dec 2006 12:59:06 +0000
Superseded in feisty-release |
libpng (1.2.15~beta5-0) unstable; urgency=high * New upstream release. - Fixed asm API functions not exported on amd64. Closes: #401044. - Fixed "libpng hangs when saving profile". Closes: #401423. * Fixed "Incorrect shlibs information". Closes: #401465. * Removed patches for png.h and pngconf.h. * Updated debian/watch. -- Ubuntu Archive Auto-Sync <email address hidden> Tue, 12 Dec 2006 10:58:30 +0000
libpng (1.2.13-4) unstable; urgency=low * Removed drop_pass_width patch. Closes: #399499.
Superseded in dapper-security |
libpng (1.2.8rel-5ubuntu0.1) dapper-security; urgency=low * SECURITY UPDATE: some PNGs could cause out-of-bounds heap reads, crashing the application using libpng. * Add 'debian/patch/ubuntu_01_splt_overflow.patch': correct png_set_sPLT to allocate correct structure. * References http://bugs.gentoo.org/show_bug.cgi?id=154380 CVE-2006-5793 -- Kees Cook <email address hidden> Wed, 15 Nov 2006 15:28:19 -0800
Superseded in edgy-security |
libpng (1.2.8rel-5.1ubuntu0.1) edgy-security; urgency=low * SECURITY UPDATE: some PNGs could cause out-of-bounds heap reads, crashing the application using libpng. * Add 'debian/patch/ubuntu_01_splt_overflow.patch': correct png_set_sPLT to allocate correct structure. * References http://bugs.gentoo.org/show_bug.cgi?id=154380 CVE-2006-5793 -- Kees Cook <email address hidden> Wed, 15 Nov 2006 15:15:26 -0800
Obsolete in breezy-security |
libpng (1.0.18-1ubuntu3.1) breezy-security; urgency=low * SECURITY UPDATE: some PNGs could cause out-of-bounds heap reads, crashing the application using libpng. * Add 'debian/patch/ubuntu_01_splt_overflow.patch': correct png_set_sPLT to allocate correct structure. * References http://bugs.gentoo.org/show_bug.cgi?id=154380 CVE-2006-5793 -- Kees Cook <email address hidden> Wed, 15 Nov 2006 15:28:51 -0800
Superseded in feisty-release |
libpng (1.2.8rel-7) unstable; urgency=low * New maintainer. Closes: #393109. * ACK NMUs. Closes: #378463, #377298, #356252. * debian/control: - set Standards-Version to 3.7.2. - set Priority to extra for libpng12-0-udeb. - added ${misc:Depends} to libpng12-0 and libpng12-0-udeb dependency lists. * Added debian/watch file.
libpng (1.2.8rel-5.1) unstable; urgency=low * Non Maintainer Upload (closes: #356252). * Add support for udeb dependency resolution in shlibs file. * Update debhelper compatibility to level 5. -- Ubuntu Archive Auto-Sync <email address hidden> Thu, 15 Jun 2006 14:45:42 +0100
libpng (1.2.8rel-5) unstable; urgency=low * drop_pass_width.patch: don't export png_pass_width, it's absolutely unnecessary. * libpng12-0.shlibs: downgrade the shlibs accordingly (closes: #331383).
libpng (1.0.18-1ubuntu3) breezy; urgency=low * Drop the gcc-3.3 build dependency as well. -- Matthias Klose <email address hidden> Mon, 22 Aug 2005 18:25:38 +0200
libpng (1.0.18-1) unstable; urgency=medium * New upstream release. * libpng10-0.shlibs: update to version 1.0.18, new flags were added. -- Josselin Mouette <email address hidden> Sat, 4 Dec 2004 16:32:24 +0100
libpng (1.0.15-6ubuntu1) warty-security; urgency=high * Upload by the Security Team * Added PNG_UINT_32_MAX macro [png.h] * Applied upstream patch to detect potential buffer overflows [png.c] * Applied upstream patch to add a check to detect a buffer overflow [pngmem.c] * Applied upstream patch to fix integer overflow [pngread.c, CAN-2004-0955] -- Fabio M. Di Nitto <email address hidden> Tue, 19 Oct 2004 05:50:37 +0200
libpng (1.0.15-6) unstable; urgency=high * pngrtran.c: applied upstream patch 4 to fix incorrect calculation of buffer offsets [CAN-2004-0768]. * png.h, pngpread.c, pngrutil.c: patch from Chris Evans <email address hidden> to fix several vulnerabilities (closes: #263496): + libpng fails to properly check length on PNG data [CAN-2004-0597]. + libpng "png_handle_sBIT" does not perform proper checks to avoid stack buffer overflow [CAN-2004-0597]. + libpng "png_handle_iCCP" possible NULL-pointer crash [CAN-2004-0598]. + libpng "png_handle_sPLT" possible integer overflow [CAN-2004-0599]. + libpng "png_read_png" does not properly handle a PNG with excessive height (integer overflow) [CAN-2004-0599]. + libpng progressive reading integer overflow [CAN-2004-0599]. -- Josselin Mouette <email address hidden> Thu, 5 Aug 2004 12:31:39 +0200
76 → 104 of 104 results | First • Previous • Next • Last |