libpng (1.2.27-2+lenny5) oldstable-security; urgency=low
* Apply upstream patch to 1-byte uninitialized memory reference in
png_format_buffer(). (Closes: #632786, CVE-2011-2501)
* Apply upstream patch to buffer overwrite in png_rgb_to_gray.
(Closes: #633871, CVE-2011-2690)
* Apply upstream patch to crash in png_default_error due to use of
NULL pointer. (Closes: #633871, CVE-2011-2691)
* Apply upstream patch to memory corruption when handling empty sCAL chunks.
(Closes: #633871, CVE-2011-2692)
-- Nobuhiro Iwamatsu <email address hidden> Sat, 16 Jul 2011 05:13:23 +0900
-
libpng (1.2.27-2+lenny4) stable-security; urgency=high
* Non-maintainer upload by the Security Team.
* Fixed CVE-2010-1205: Buffer overflow in pngpread.c (Closes: #587670)
* Fixed CVE-2010-2249: Memory leak in pngrutil.c
-- Giuseppe Iuculano <email address hidden> Sat, 17 Jul 2010 12:03:12 +0200
-
libpng (1.2.27-2+lenny3) stable-security; urgency=high
* Non-maintainer upload by the Security Team.
* Fixed CVE-2009-2042: does not properly parse 1-bit interlaced images with
width values that are not divisible by 8, which causes libpng to include
uninitialized bits in certain rows of a PNG file and might allow remote
attackers to read portions of sensitive memory via "out-of-bounds pixels"
in the file (Closes: #533676)
* Fixed CVE-2010-0205: does not properly handle compressed ancillary-chunk
data that has a disproportionately large uncompressed representation, which
allows remote attackers to cause a denial of service (memory and CPU
consumption, and application hang) via a crafted PNG file (Closes: #572308)
-- Giuseppe Iuculano <email address hidden> Sun, 11 Apr 2010 11:40:33 +0200
-
libpng (1.2.27-2+lenny2) stable-security; urgency=high
* Fix memory leak on CRC errors in tEXt chunks (CVE-2008-6218).
-- Florian Weimer <email address hidden> Thu, 19 Mar 2009 21:27:33 +0100
-
libpng (1.2.27-2) unstable; urgency=medium
* Fix CVE-2008-3964: off-by-one error in pngtest.c; closes: #501109
* Standards-Version is 3.8.0
-- Anibal Monsalve Salazar <email address hidden> Sat, 04 Oct 2008 19:45:17 +1000