Change log for libpng package in Ubuntu
| 76 → 104 of 104 results | First • Previous • Next • Last |
libpng (1.2.15~beta5-2ubuntu0.2) gutsy-security; urgency=low
* SECURITY UPDATE: denial of service and possible execution of arbitrary
code via crafted image (LP: #338027)
- initialize pointers in pngread.c, pngrtans.c, pngset.c and example.c
- CVE-2009-0040
* SECURITY UPDATE: denial of service and possible execution of arbitrary
code via crafted image (LP: #217128)
- initialize "unknown" chunks in pngpread.c, pngrutil.c and pngset.c
- CVE-2008-1382
* SECURITY UPDATE: denial of service via off-by-one error
- shorten tIME_string to 29 bytes in pngtest.c
- CVE-2008-3964
* SECURITY UPDATE: denial of service via incorrect memory assignment
(LP: #324258)
- update pngwutil.c to properly set new_key to NULL string
- CVE-2008-5907
-- Jamie Strandboge <email address hidden> Thu, 05 Mar 2009 07:55:49 -0600
Available diffs
libpng (1.2.15~beta5-3ubuntu0.1) hardy-security; urgency=low
* SECURITY UPDATE: denial of service and possible execution of arbitrary
code via crafted image (LP: #338027)
- initialize pointers in pngread.c, pngrtans.c, pngset.c and example.c
- CVE-2009-0040
* SECURITY UPDATE: denial of service and possible execution of arbitrary
code via crafted image (LP: #217128)
- initialize "unknown" chunks in pngpread.c, pngrutil.c and pngset.c
- CVE-2008-1382
* SECURITY UPDATE: denial of service via off-by-one error
- shorten tIME_string to 29 bytes in pngtest.c
- CVE-2008-3964
* SECURITY UPDATE: denial of service via incorrect memory assignment
(LP: #324258)
- update pngwutil.c to properly set new_key to NULL string
- CVE-2008-5907
* SECURITY UPDATE: denial of service via a crafted PNG image
- fix for pngset.c to properly check palette size in png_set_hIST
- CVE-2007-5268
* SECURITY UPDATE: denial of service via a crafted PNG image
- fix for pngpread.c and pngrutil.c to properly do bounds checking on read
operations. Previous version only had a partial fix.
- CVE-2007-5269
-- Jamie Strandboge <email address hidden> Thu, 05 Mar 2009 06:39:46 -0600
Available diffs
libpng (1.2.27-1ubuntu0.1) intrepid-security; urgency=low
* SECURITY UPDATE: denial of service and possible execution of arbitrary
code via crafted image (LP: #338027)
- debian/patches/02-CVE-2009-0040.diff: initialize pointers in pngread.c,
pngrtans.c, pngset.c and example.c
- CVE-2009-0040
* SECURITY UPDATE: denial of service via off-by-one error
- debian/patches/02-CVE-2008-3964.diff: shorten tIME_string to 29 bytes in
pngtest.c
- CVE-2008-3964
* SECURITY UPDATE: denial of service via incorrect memory assignment
(LP: #324258)
- debian/patches/02-CVE-2008-5907.diff: update pngwutil.c to properly set
new_key to NULL string
- CVE-2008-5907
* debian/rules: Work around missing definition of ECHO. Backported from
1.2.27-2ubuntu1
-- Jamie Strandboge <email address hidden> Thu, 05 Mar 2009 07:37:05 -0600
Available diffs
| Superseded in jaunty-release |
libpng (1.2.27-2ubuntu1) jaunty; urgency=low * debian/rules: Work around missing definition of ECHO. -- Matthias Klose <email address hidden> Sun, 16 Nov 2008 11:43:54 +0100
Available diffs
- diff from 1.2.27-2 to 1.2.27-2ubuntu1 (152.5 KiB)
libpng (1.2.27-2) unstable; urgency=medium * Fix CVE-2008-3964: off-by-one error in pngtest.c; closes: #501109 * Standards-Version is 3.8.0 -- Ubuntu Archive Auto-Sync <email address hidden> Tue, 04 Nov 2008 21:33:25 +0000
Available diffs
- diff from 1.2.27-1 to 1.2.27-2 (1.1 KiB)
libpng (1.2.27-1) unstable; urgency=low
* New upstream release
* Patches merged upstream:
debian/patches/02-476669-CVE-2008-1382.diff
debian/patches/03-404514-png.5.diff
* Run ./autogen.sh
libpng (1.2.8rel-5ubuntu0.3) dapper-security; urgency=low
* SECURITY UPDATE: denial of service via a crafted PNG image
* fix for pngpread.c and pngrutil.c to properly do bounds checking on read
operations
* References
CVE-2007-5269
-- Jamie Strandboge <email address hidden> Wed, 24 Oct 2007 15:32:56 -0400
libpng (1.2.8rel-5.1ubuntu0.3) edgy-security; urgency=low
* SECURITY UPDATE: denial of service via a crafted PNG image
* fix for pngpread.c and pngrutil.c to properly do bounds checking on read
operations
* References
CVE-2007-5269
-- Jamie Strandboge <email address hidden> Wed, 24 Oct 2007 15:27:44 -0400
libpng (1.2.15~beta5-2ubuntu0.1) gutsy-security; urgency=low
* SECURITY UPDATE: denial of service via a crafted PNG image
* fix for pngpread.c and pngrutil.c to properly do bounds checking on read
operations
* SECURITY UPDATE: denial of service via a crafted PNG image
* fix for pngset.c to properly check palette size in png_set_hIST
* References
CVE-2007-5269
CVE-2007-5268
* Modify Maintainer value to match the DebianMaintainerField
specification.
-- Jamie Strandboge <email address hidden> Wed, 24 Oct 2007 19:30:06 +0000
libpng (1.2.15~beta5-1ubuntu1.1) feisty-security; urgency=low
* SECURITY UPDATE: denial of service via a crafted PNG image
* fix for pngpread.c and pngrutil.c to properly do bounds checking on read
operations
* SECURITY UPDATE: denial of service via a crafted PNG image
* fix for pngset.c to properly check palette size in png_set_hIST
* References
CVE-2007-5269
CVE-2007-5268
-- Jamie Strandboge <email address hidden> Mon, 15 Oct 2007 09:27:22 -0400
libpng (1.2.15~beta5-3) unstable; urgency=high
* ACKed NMU.
* Fixed out-of-bounds read operations triggered by crafted
png image files (CVE-2007-5269) (Closes: #446308).
libpng (1.2.15~beta5-2build1) gutsy; urgency=low * Trigger rebuild for hppa -- LaMont Jones <email address hidden> Thu, 04 Oct 2007 20:23:02 -0600
libpng (1.2.8rel-5ubuntu0.2) dapper-security; urgency=low
* SECURITY UPDATE: denial of service via crafted CRC.
* pngrutil.c: upstream fixes applied inline.
* References
CVE-2007-2445
-- Kees Cook <email address hidden> Mon, 11 Jun 2007 12:20:59 -0700
libpng (1.2.8rel-5.1ubuntu0.2) edgy-security; urgency=low
* SECURITY UPDATE: denial of service via crafted CRC.
* pngrutil.c: upstream fixes applied inline.
* References
CVE-2007-2445
-- Kees Cook <email address hidden> Mon, 11 Jun 2007 12:20:59 -0700
libpng (1.2.15~beta5-1ubuntu1) feisty-security; urgency=low
* SECURITY UPDATE: denial of service via crafted CRC.
* pngrutil.c: upstream fixes applied inline.
* References
CVE-2007-2445
-- Kees Cook <email address hidden> Mon, 11 Jun 2007 12:20:59 -0700
| Superseded in gutsy-release |
libpng (1.2.15~beta5-2) unstable; urgency=high
* It seems that a grayscale image with a malformed (bad CRC) tRNS
chunk will crash libpng and mozilla. Closes: #424729.
- CVE-2007-2445
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2007-2445
- CERT Vulnerability Note VU#684664
http://www.kb.cert.org/vuls/id/684664
-- Ubuntu Archive Auto-Sync <email address hidden> Fri, 18 May 2007 09:36:23 +0100
libpng (1.2.15~beta5-1) unstable; urgency=low
* Applied legacy_symbols.patch.
* Changed shlibs dependecy versions to ">= 1.2.13-4".
* libpng12-0: Added the following conflicts: mzscheme (<= 1:209-5),
pngcrush (<= 1.5.10-2), pngmeta (<= 1.11-3), qemacs (<= 0.3.1-5),
povray-3.5 (<= 3.5.0c-10).
-- Ubuntu Archive Auto-Sync <email address hidden> Wed, 20 Dec 2006 12:59:06 +0000
| Superseded in feisty-release |
libpng (1.2.15~beta5-0) unstable; urgency=high
* New upstream release.
- Fixed asm API functions not exported on amd64. Closes: #401044.
- Fixed "libpng hangs when saving profile". Closes: #401423.
* Fixed "Incorrect shlibs information". Closes: #401465.
* Removed patches for png.h and pngconf.h.
* Updated debian/watch.
-- Ubuntu Archive Auto-Sync <email address hidden> Tue, 12 Dec 2006 10:58:30 +0000
libpng (1.2.13-4) unstable; urgency=low * Removed drop_pass_width patch. Closes: #399499.
| Superseded in dapper-security |
libpng (1.2.8rel-5ubuntu0.1) dapper-security; urgency=low
* SECURITY UPDATE: some PNGs could cause out-of-bounds heap reads,
crashing the application using libpng.
* Add 'debian/patch/ubuntu_01_splt_overflow.patch': correct png_set_sPLT
to allocate correct structure.
* References
http://bugs.gentoo.org/show_bug.cgi?id=154380
CVE-2006-5793
-- Kees Cook <email address hidden> Wed, 15 Nov 2006 15:28:19 -0800
| Superseded in edgy-security |
libpng (1.2.8rel-5.1ubuntu0.1) edgy-security; urgency=low
* SECURITY UPDATE: some PNGs could cause out-of-bounds heap reads,
crashing the application using libpng.
* Add 'debian/patch/ubuntu_01_splt_overflow.patch': correct png_set_sPLT
to allocate correct structure.
* References
http://bugs.gentoo.org/show_bug.cgi?id=154380
CVE-2006-5793
-- Kees Cook <email address hidden> Wed, 15 Nov 2006 15:15:26 -0800
| Obsolete in breezy-security |
libpng (1.0.18-1ubuntu3.1) breezy-security; urgency=low
* SECURITY UPDATE: some PNGs could cause out-of-bounds heap reads,
crashing the application using libpng.
* Add 'debian/patch/ubuntu_01_splt_overflow.patch': correct png_set_sPLT
to allocate correct structure.
* References
http://bugs.gentoo.org/show_bug.cgi?id=154380
CVE-2006-5793
-- Kees Cook <email address hidden> Wed, 15 Nov 2006 15:28:51 -0800
| Superseded in feisty-release |
libpng (1.2.8rel-7) unstable; urgency=low
* New maintainer. Closes: #393109.
* ACK NMUs. Closes: #378463, #377298, #356252.
* debian/control:
- set Standards-Version to 3.7.2.
- set Priority to extra for libpng12-0-udeb.
- added ${misc:Depends} to libpng12-0 and libpng12-0-udeb
dependency lists.
* Added debian/watch file.
libpng (1.2.8rel-5.1) unstable; urgency=low * Non Maintainer Upload (closes: #356252). * Add support for udeb dependency resolution in shlibs file. * Update debhelper compatibility to level 5. -- Ubuntu Archive Auto-Sync <email address hidden> Thu, 15 Jun 2006 14:45:42 +0100
libpng (1.2.8rel-5) unstable; urgency=low
* drop_pass_width.patch: don't export png_pass_width, it's absolutely
unnecessary.
* libpng12-0.shlibs: downgrade the shlibs accordingly
(closes: #331383).
libpng (1.0.18-1ubuntu3) breezy; urgency=low * Drop the gcc-3.3 build dependency as well. -- Matthias Klose <email address hidden> Mon, 22 Aug 2005 18:25:38 +0200
libpng (1.0.18-1) unstable; urgency=medium * New upstream release. * libpng10-0.shlibs: update to version 1.0.18, new flags were added. -- Josselin Mouette <email address hidden> Sat, 4 Dec 2004 16:32:24 +0100
libpng (1.0.15-6ubuntu1) warty-security; urgency=high
* Upload by the Security Team
* Added PNG_UINT_32_MAX macro [png.h]
* Applied upstream patch to detect potential buffer overflows [png.c]
* Applied upstream patch to add a check to detect a buffer overflow
[pngmem.c]
* Applied upstream patch to fix integer overflow [pngread.c,
CAN-2004-0955]
-- Fabio M. Di Nitto <email address hidden> Tue, 19 Oct 2004 05:50:37 +0200
libpng (1.0.15-6) unstable; urgency=high
* pngrtran.c: applied upstream patch 4 to fix incorrect calculation of
buffer offsets [CAN-2004-0768].
* png.h, pngpread.c, pngrutil.c: patch from Chris Evans
<email address hidden> to fix several vulnerabilities (closes: #263496):
+ libpng fails to properly check length on PNG data [CAN-2004-0597].
+ libpng "png_handle_sBIT" does not perform proper checks to avoid stack
buffer overflow [CAN-2004-0597].
+ libpng "png_handle_iCCP" possible NULL-pointer crash
[CAN-2004-0598].
+ libpng "png_handle_sPLT" possible integer overflow
[CAN-2004-0599].
+ libpng "png_read_png" does not properly handle a PNG with excessive
height (integer overflow) [CAN-2004-0599].
+ libpng progressive reading integer overflow [CAN-2004-0599].
-- Josselin Mouette <email address hidden> Thu, 5 Aug 2004 12:31:39 +0200
| 76 → 104 of 104 results | First • Previous • Next • Last |
