-
libpng (1.2.44-1ubuntu0.4) maverick-security; urgency=low
* SECURITY UPDATE: denial of service and possible code execution via
memory corruption issue.
- debian/patches/CVE-2011-3048.patch: correctly restore to previous
condition in pngset.c.
- CVE-2011-3048
-- Marc Deslauriers <email address hidden> Thu, 05 Apr 2012 08:41:07 -0400
-
libpng (1.2.44-1ubuntu0.3) maverick-security; urgency=low
* SECURITY UPDATE: denial of service and possible code execution via
incorrect type.
- debian/patches/06-CVE-2011-3045.patch: use correct type, properly
handle odd chunk lengths, fix off-by-one in pngrutil.c.
- CVE-2011-3045
-- Marc Deslauriers <email address hidden> Wed, 21 Mar 2012 13:34:30 -0400
-
libpng (1.2.44-1ubuntu0.2) maverick-security; urgency=low
* SECURITY UPDATE: fix integer overflow / truncation
- debian/patches/05-CVE-2011-3026.patch: adjust pngrutil.c to verify size
when allocating memory in png_decompress_chunk()
- CVE-2011-3026
-- Jamie Strandboge <email address hidden> Wed, 15 Feb 2012 21:18:29 -0600
-
libpng (1.2.44-1ubuntu0.1) maverick-security; urgency=low
* SECURITY UPDATE: denial of service via error message data
- debian/patches/02-CVE-2011-2501.patch: correctly calculate length in
pngerror.c.
- CVE-2011-2501
* SECURITY UPDATE: denial of service and possible arbitrary code
execution via crafted PNG image
- debian/patches/03-CVE-2011-2690.patch: validate coefficients in
pngrtran.c.
- CVE-2011-2690
* SECURITY UPDATE: denial of service and possible arbitrary code
execution via invalid sCAL chunks
- debian/patches/04-CVE-2011-2692.patch: check sCAL chunk length in
pngrutil.c.
- CVE-2011-2692
-- Marc Deslauriers <email address hidden> Tue, 26 Jul 2011 08:31:17 -0400
-
libpng (1.2.44-1) unstable; urgency=low
* New upstream release
Stop memory leak when reading a malformed sCAL chunk
-- Michael Bienia <email address hidden> Sat, 26 Jun 2010 13:32:43 +1000
-
libpng (1.2.43-1) unstable; urgency=high
* New upstream release
* Fix CVE-2010-0205 and Cert VU#576029
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0205
https://www.kb.cert.org/vuls/id/576029
Do not stall and consume large quantities of memory while processing
certain Portable Network Graphics (PNG) files
Closes: 572308
libpng (1.2.42-2) unstable; urgency=low
* Merge 1.2.42-1ubuntu1
Move libpng from /usr/lib to /lib, so that plymouth is usable on
systems with a separate /usr.
* Fix out-of-date-standards-version
-- Marc Deslauriers <email address hidden> Mon, 14 Jun 2010 20:29:24 +0100
-
libpng (1.2.42-1ubuntu2) lucid; urgency=low
* SECURITY UPDATE: denial of service via decompression bomb (LP: #533140)
- debian/patches/02-CVE-2010-0205.patch: use new two-pass decompression
method in pngrutil.c.
- CVE-2010-0205
-- Marc Deslauriers <email address hidden> Thu, 11 Mar 2010 14:22:24 -0500