libpng (1.2.15~beta5-3ubuntu0.7) hardy-security; urgency=low
* SECURITY UPDATE: denial of service and possible code execution via
memory corruption issue.
- pngset.c: correctly restore to previous condition.
- Patch from Debian's 1.2.44-1+squeeze4 update
- CVE-2011-3048
-- Marc Deslauriers <email address hidden> Thu, 05 Apr 2012 08:47:42 -0400
-
libpng (1.2.15~beta5-3ubuntu0.6) hardy-security; urgency=low
* SECURITY UPDATE: denial of service and possible code execution via
incorrect type.
- pngrutil.c: use correct type, properly handle odd chunk lengths, fix
off-by-one.
- http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=commit;h=13f12476543c4ada693b4cb474039d5cf3389ed1
- http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=commit;h=a8c319a2b281af68f7ca0e2f9a28ca57b44ceb2b
- CVE-2011-3045
-- Marc Deslauriers <email address hidden> Wed, 21 Mar 2012 13:41:22 -0400
-
libpng (1.2.15~beta5-3ubuntu0.5) hardy-security; urgency=low
* SECURITY UPDATE: fix integer overflow / truncation
- adjust pngrutil.c to verify size when allocating memory in
png_decompress_chunk()
- http://src.chromium.org/viewvc/chrome/branches/963/src/third_party/libpng/pngrutil.c?view=patch&r1=121492&r2=121491&pathrev=121492
- CVE-2011-3026
* SECURITY UPDATE: Reject attempt to write iCCP chunk with negative embedded
profile length
- adjust pngwutil.c to verify that embedded_profile_len is not negative in
png_write_iCCP()
- http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=commitdiff;h=9e88fcd58c8ce7f2183bc2045e5180cba0043f09#patch19
- CVE-2009-5063
-- Jamie Strandboge <email address hidden> Wed, 15 Feb 2012 21:23:54 -0600
-
libpng (1.2.15~beta5-3ubuntu0.4) hardy-security; urgency=low
* SECURITY UPDATE: denial of service and possible arbitrary code
execution via crafted PNG image
- pngrtran.c: validate coefficients.
- http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=commit;h=d572394c2a018ef22e9685ac189f5f05c08ea6f5
- CVE-2011-2690
* SECURITY UPDATE: denial of service and possible arbitrary code
execution via invalid sCAL chunks
- pngrutil.c: check sCAL chunk length.
- http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=commit;h=61a2d8a2a7b03023e63eae9a3e64607aaaa6d339
- CVE-2011-2692
-- Marc Deslauriers <email address hidden> Tue, 26 Jul 2011 08:57:37 -0400
-
libpng (1.2.15~beta5-3ubuntu0.3) hardy-security; urgency=low
* SECURITY UPDATE: arbitrary code execution from additional data row via
malformed PNG image
- pngpread.c: check for unexpected data after the last row.
- patch backported from 1.2.44
- CVE-2010-1205
* SECURITY UPDATE: denial of service via memory leak from malformed sCAL
chunks
- pngrutil.c: properly free memory
- patch backported from 1.2.44
- CVE-2010-2249
-- Marc Deslauriers <email address hidden> Mon, 05 Jul 2010 13:09:25 -0400
-
libpng (1.2.15~beta5-3ubuntu0.2) hardy-security; urgency=low
* SECURITY UPDATE: denial of service via decompression bomb (LP: #533140)
- pngrutil.c: use new two-pass decompression method backported from
1.2.43
- CVE-2010-0205
* SECURITY UPDATE: information disclosure via 1-bit interlaced images
- pngrutil.c: initialize memory if interlaced
- CVE-2009-2042
-- Marc Deslauriers <email address hidden> Mon, 15 Mar 2010 11:10:10 -0400
-
libpng (1.2.15~beta5-3ubuntu0.1) hardy-security; urgency=low
* SECURITY UPDATE: denial of service and possible execution of arbitrary
code via crafted image (LP: #338027)
- initialize pointers in pngread.c, pngrtran.c, pngset.c and example.c
- CVE-2009-0040
* SECURITY UPDATE: denial of service and possible execution of arbitrary
code via crafted image (LP: #217128)
- initialize "unknown" chunks in pngpread.c, pngrutil.c and pngset.c
- CVE-2008-1382
* SECURITY UPDATE: denial of service via off-by-one error
- shorten tIME_string to 29 bytes in pngtest.c
- CVE-2008-3964
* SECURITY UPDATE: denial of service via incorrect memory assignment
(LP: #324258)
- update pngwutil.c to properly set new_key to NULL string
- CVE-2008-5907
* SECURITY UPDATE: denial of service via a crafted PNG image
- fix for pngset.c to properly check palette size in png_set_hIST
- CVE-2007-5268
* SECURITY UPDATE: denial of service via a crafted PNG image
- fix for pngpread.c and pngrutil.c to properly do bounds checking on read
operations. Previous version only had a partial fix.
- CVE-2007-5269
-- Jamie Strandboge <email address hidden> Thu, 05 Mar 2009 06:39:46 -0600
-
libpng (1.2.15~beta5-3) unstable; urgency=high
* ACKed NMU.
* Fixed out-of-bounds read operations triggered by crafted
png image files (CVE-2007-5269) (Closes: #446308).
libpng (1.2.15~beta5-2.1) unstable; urgency=high
* Non-maintainer upload by testing security team.
* Fixed out-of-bounds read operations triggered by crafted
png image files (CVE-2007-5269) (Closes: #446308).
-- Ubuntu Archive Auto-Sync <email address hidden> Tue, 23 Oct 2007 17:23:17 +0100
-
libpng (1.2.15~beta5-2build1) gutsy; urgency=low
* Trigger rebuild for hppa
-- LaMont Jones <email address hidden> Thu, 04 Oct 2007 20:23:02 -0600