Change logs for libpng source package in Squeeze

  • libpng (1.2.44-1+squeeze4) stable-security; urgency=low
    
    
      * CVE-2011-3048
    
     -- Moritz Muehlenhoff <email address hidden>  Wed, 04 Apr 2012 18:08:48 +0000
  • libpng (1.2.44-1+squeeze1) stable-security; urgency=high
    
    
      * Apply upstream patch to 1-byte uninitialized memory reference in
        png_format_buffer(). (Closes: #632786, CVE-2011-2501)
      * Apply upstream patch to buffer overwrite in png_rgb_to_gray.
        (Closes: #633871, CVE-2011-2690)
      * Apply upstream patch to crash in png_default_error due to use of
        NULL Pointer. (Closes: #633871, CVE-2011-2691)
      * Apply upstream patch to memory corruption when handling empty sCAL chunks.
        (Closes: #633871, CVE-2011-2692)
    
     -- Nobuhiro Iwamatsu <email address hidden>  Fri, 15 Jul 2011 13:06:17 +0900
  • libpng (1.2.44-1) unstable; urgency=low
    
    
      * New upstream release 
        Stop memory leak when reading a malformed sCAL chunk
    
     -- Anibal Monsalve Salazar <email address hidden>  Sat, 26 Jun 2010 13:32:43 +1000
  • libpng (1.2.43-1) unstable; urgency=high
    
    
      * New upstream release 
      * Fix CVE-2010-0205 and Cert VU#576029
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0205
        https://www.kb.cert.org/vuls/id/576029
        Do not stall and consume large quantities of memory while processing
        certain Portable Network Graphics (PNG) files
        Closes: 572308
    
     -- Anibal Monsalve Salazar <email address hidden>  Wed, 03 Mar 2010 16:44:47 +1100
  • libpng (1.2.42-2) unstable; urgency=low
    
    
      * Merge 1.2.42-1ubuntu1
        Move libpng from /usr/lib to /lib, so that plymouth is usable on
        systems with a separate /usr.
      * Fix out-of-date-standards-version
    
     -- Anibal Monsalve Salazar <email address hidden>  Sun, 14 Feb 2010 13:09:51 +1100
  • libpng (1.2.42-1) unstable; urgency=low
    
    
      * New upstream release
      * Remove 02-export-png_set_strip_error_numbers.patch (merged)
      * Fix debhelper-but-no-misc-depends
    
     -- Anibal Monsalve Salazar <email address hidden>  Sat, 16 Jan 2010 17:53:14 +1100
  • libpng (1.2.41-1) unstable; urgency=low
    
    
      * New upstream release
      * Debian source format is 3.0 (quilt)
      * Update debian/watch
      * Add 02-export-png_set_strip_error_numbers.patch
        Define PNG_ERROR_NUMBERS_SUPPORTED
        Upstream doesn't define PNG_ERROR_NUMBERS_SUPPORTED since 1.2.41. As
        a consequence, the symbol png_set_strip_error_numbe@@PNG12_0 wasn't
        exported.
    
     -- Anibal Monsalve Salazar <email address hidden>  Fri, 04 Dec 2009 11:23:50 +1100
  • libpng (1.2.40-1) unstable; urgency=low
    
    
      * New upstream release 
    
     -- Anibal Monsalve Salazar <email address hidden>  Wed, 07 Oct 2009 12:44:09 +1100
  • libpng (1.2.39-1) unstable; urgency=low
    
    
      * New upstream release 
      * Fix out-of-date-standards-version
      * Fix patch-system-but-no-source-readme
    
     -- Anibal Monsalve Salazar <email address hidden>  Thu, 20 Aug 2009 14:57:46 +1000
  • libpng (1.2.38-1) unstable; urgency=low
    
    
      * New upstream release 
      * Fix out-of-date-standards-version
      * Update upstream homepage
        Closes: 536474
    
     -- Anibal Monsalve Salazar <email address hidden>  Sat, 18 Jul 2009 05:44:23 +1000
  • libpng (1.2.37-1) unstable; urgency=low
    
    
      * New upstream release 
    
     -- Anibal Monsalve Salazar <email address hidden>  Thu, 04 Jun 2009 23:03:58 +1000
  • libpng (1.2.35-1) unstable; urgency=high
    
    
      * New upstream release
        - http://secunia.com/advisories/33970/
          Fix a vulnerability reported by Tavis Ormandy in which
          some arrays of pointers are not initialized prior to using
          "malloc" to define the pointers.
          Closes: #516256
        - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5907
          The png_check_keyword function in pngwutil.c in libpng, might
          allow context-dependent attackers to set the value of an
          arbitrary memory location to zero via vectors involving
          creation of crafted PNG files with keywords, related to an
          implicit cast of the '\0' character constant to a NULL pointer.
      * Don't build libpng3 when binary-indep target is not called.
        Closes: #486415
    
     -- Anibal Monsalve Salazar <email address hidden>  Sat, 21 Feb 2009 15:50:52 +1100
  • libpng (1.2.27-2) unstable; urgency=medium
    
    
      * Fix CVE-2008-3964: off-by-one error in pngtest.c; closes: #501109 
      * Standards-Version is 3.8.0
    
     -- Anibal Monsalve Salazar <email address hidden>  Sat, 04 Oct 2008 19:45:17 +1000