-
libpng (1.2.49-1+deb7u2) wheezy-security; urgency=high
* Non-maintainer upload by the Security Team.
* Add patches to address CVE-2015-8472.
CVE-2015-8472: Incomplete fix for callers on png_set_PLTE. (Closes: #807112)
* Add CVE-2015-8540.patch patch.
CVE-2015-8540: underflow read in png_check_keyword(). (Closes: #807694)
-- Salvatore Bonaccorso <email address hidden> Thu, 07 Jan 2016 20:07:15 +0100
-
libpng (1.2.49-1) unstable; urgency=high
* New upstream version 1.2.49
- Fix CVE-2011-3048 (memory corruption flaw)
Closes: 667475
- Don't crash with electric fence memory debugger
Closes: 668082
* Merged upstream: 02-665208-CVE-2012-3045.patch
-- Anibal Monsalve Salazar <email address hidden> Mon, 09 Apr 2012 12:08:13 +1000
-
libpng (1.2.47-2) unstable; urgency=high
* Fix Buffer overflow
Fix CVE-2012-3045
Add 02-665208-CVE-2012-3045.patch
Closes: 665208
* Standards Version is 3.9.3
-- Anibal Monsalve Salazar <email address hidden> Tue, 27 Mar 2012 12:04:46 +1100
-
libpng (1.2.47-1) unstable; urgency=low
* New upstream version 1.2.47
The purpose of this release is to fix the dangerous CVE-2011-3026.
The libpng patch is different from the one that was distributed
earlier by Chromium, in that the libpng user limit feature is not
crippled by the patch.
Remove 02-660026-CVE-2011-3026.patch
-- Anibal Monsalve Salazar <email address hidden> Sun, 19 Feb 2012 12:10:18 +1100
-
libpng (1.2.46-5) unstable; urgency=high
* Check for both truncation (64-bit platforms) and integer overflow
Fix CVE-2011-3026
Add 02-660026-CVE-2011-3026.patch
Closes: 660026
-- Anibal Monsalve Salazar <email address hidden> Thu, 16 Feb 2012 08:21:54 +1100
-
libpng (1.2.46-4) unstable; urgency=low
* Update debian/rules.
Enabled hardened build flags. (Closes: #654149)
-- Nobuhiro Iwamatsu <email address hidden> Mon, 09 Jan 2012 21:23:43 +0900
-
libpng (1.2.46-3) unstable; urgency=low
* libpng12-0-udeb: Don't use bzip2 compression
Closes: 634865
-- Anibal Monsalve Salazar <email address hidden> Wed, 27 Jul 2011 12:44:46 +1000
-
libpng (1.2.46-1) unstable; urgency=high
* New upstream release (Closes: #633871).
- Fix CVE: CVE-2011-2690 Buffer overwrite in png_rgb_to_gray
- CVE: CVE-2011-2691 Crash in png_default_error due to use of NULL Pointer
- CVE: CVE-2011-2692 Memory corruption when handling empty sCAL chunks
- Update patches/01-legacy.patch
- Remove patches/02-632786-CVE-2011-2501.patch. Applied to upstream.
-- Nobuhiro Iwamatsu <email address hidden> Fri, 15 Jul 2011 11:47:49 +0900
-
libpng (1.2.44-3) unstable; urgency=high
* Fixed 1-byte uninitialized memory reference in png_format_buffer()
Fix CVE-2011-2501
Add debian/patches/02-632786-CVE-2011-2501.patch
Closes: 632786
* Standards version is 3.9.2
* Fix xc-package-type-in-debian-control
* Fix debian-rules-missing-recommended-target
-- Anibal Monsalve Salazar <email address hidden> Wed, 06 Jul 2011 10:04:32 +1000
-
libpng (1.2.44-2) unstable; urgency=low
* debian/libpng3.links: fix up the compat symlink to point to /lib
Patch by Steve Langasek
Closes: #579074, LP: #284325
-- Anibal Monsalve Salazar <email address hidden> Sun, 13 Mar 2011 14:40:33 +1100
-
libpng (1.2.44-1) unstable; urgency=low
* New upstream release
Stop memory leak when reading a malformed sCAL chunk
-- Anibal Monsalve Salazar <email address hidden> Sat, 26 Jun 2010 13:32:43 +1000