Change logs for libpng source package in Lenny

  • libpng (1.2.27-2+lenny5) oldstable-security; urgency=low
    
    
      * Apply upstream patch to 1-byte uninitialized memory reference in
        png_format_buffer(). (Closes: #632786, CVE-2011-2501)
      * Apply upstream patch to buffer overwrite in png_rgb_to_gray.
        (Closes: #633871, CVE-2011-2690)
      * Apply upstream patch to crash in png_default_error due to use of
        NULL Pointer. (Closes: #633871, CVE-2011-2691)
      * Apply upstream patch to memory corruption when handling empty sCAL chunks.
        (Closes: #633871, CVE-2011-2692)
    
     -- Nobuhiro Iwamatsu <email address hidden>  Sat, 16 Jul 2011 05:13:23 +0900
  • libpng (1.2.27-2+lenny4) stable-security; urgency=high
    
    
      * Non-maintainer upload by the Security Team.
      * Fixed CVE-2010-1205: Buffer overflow in pngpread.c (Closes: #587670)
      * Fixed CVE-2010-2249: Memory leak in pngrutil.c
    
     -- Giuseppe Iuculano <email address hidden>  Sat, 17 Jul 2010 12:03:12 +0200
  • libpng (1.2.27-2+lenny3) stable-security; urgency=high
    
    
      * Non-maintainer upload by the Security Team.
      * Fixed CVE-2009-2042: does not properly parse 1-bit interlaced images with
        width values that are not divisible by 8, which causes libpng to include
        uninitialized bits in certain rows of a PNG file and might allow remote
        attackers to read portions of sensitive memory via "out-of-bounds pixels"
        in the file (Closes: 533676)
      * Fixed CVE-2010-0205: does not properly handle compressed ancillary-chunk
        data that has a disproportionately large uncompressed representation, which
        allows remote attackers to cause a denial of service (memory and CPU
        consumption, and application hang) via a crafted PNG file (Closes: #572308)
    
     -- Giuseppe Iuculano <email address hidden>  Sun, 11 Apr 2010 11:40:33 +0200
  • libpng (1.2.27-2+lenny2) stable-security; urgency=high
    
    
      * Fix memory leak on CRC errors in tEXt chunks (CVE-2008-6218).
    
     -- Florian Weimer <email address hidden>  Thu, 19 Mar 2009 21:27:33 +0100
  • libpng (1.2.27-2) unstable; urgency=medium
    
    
      * Fix CVE-2008-3964: off-by-one error in pngtest.c; closes: #501109
      * Standards-Version is 3.8.0
    
     -- Anibal Monsalve Salazar <email address hidden>  Sat, 04 Oct 2008 19:45:17 +1000