Change logs for libpng source package in Wheezy

libpng (1.2.49-1+deb7u2) wheezy-security; urgency=high

  * Non-maintainer upload by the Security Team.
  * Add patches to address CVE-2015-8472.
    CVE-2015-8472: Incomplete fix for callers on png_set_PLTE. (Closes: #807112)
  * Add CVE-2015-8540.patch patch.
    CVE-2015-8540: underflow read in png_check_keyword(). (Closes: #807694)

 -- Salvatore Bonaccorso <email address hidden>  Thu, 07 Jan 2016 20:07:15 +0100

libpng (1.2.49-1) unstable; urgency=high


  * New upstream version 1.2.49
    - Fix CVE-2011-3048 (memory corruption flaw)
      Closes: 667475
    - Don't crash with electric fence memory debugger
      Closes: 668082
  * Merged upstream: 02-665208-CVE-2012-3045.patch 

 -- Anibal Monsalve Salazar <email address hidden>  Mon, 09 Apr 2012 12:08:13 +1000

libpng (1.2.47-2) unstable; urgency=high


  * Fix Buffer overflow
    Fix CVE-2012-3045
    Add 02-665208-CVE-2012-3045.patch
    Closes: 665208
  * Standards Version is 3.9.3

 -- Anibal Monsalve Salazar <email address hidden>  Tue, 27 Mar 2012 12:04:46 +1100

libpng (1.2.47-1) unstable; urgency=low


  * New upstream version 1.2.47

    The purpose of this release is to fix the dangerous CVE-2011-3026.
    The libpng patch is different from the one that was distributed
    earlier by Chromium, in that the libpng user limit feature is not
    crippled by the patch.

    Remove 02-660026-CVE-2011-3026.patch

 -- Anibal Monsalve Salazar <email address hidden>  Sun, 19 Feb 2012 12:10:18 +1100

libpng (1.2.46-5) unstable; urgency=high


  * Check for both truncation (64-bit platforms) and integer overflow
    Fix CVE-2011-3026
    Add 02-660026-CVE-2011-3026.patch
    Closes: 660026

 -- Anibal Monsalve Salazar <email address hidden>  Thu, 16 Feb 2012 08:21:54 +1100

libpng (1.2.46-4) unstable; urgency=low


  * Update debian/rules.
    Enabled hardened build flags. (Closes: #654149)

 -- Nobuhiro Iwamatsu <email address hidden>  Mon, 09 Jan 2012 21:23:43 +0900

libpng (1.2.46-3) unstable; urgency=low
  * libpng12-0-udeb: Don't use bzip2 compression    Closes: 634865 -- Anibal Monsalve Salazar <email address hidden>  Wed, 27 Jul 2011 12:44:46 +1000

libpng (1.2.46-1) unstable; urgency=high
  * New upstream release (Closes: #633871).    - Fix CVE: CVE-2011-2690      Buffer overwrite in png_rgb_to_gray    - CVE: CVE-2011-2691      Crash in png_default_error due to use of NULL Pointer    - CVE: CVE-2011-2692      Memory corruption when handling empty sCAL chunks    - Update patches/01-legacy.patch    - Remove patches/02-632786-CVE-2011-2501.patch. Applied to upstream. -- Nobuhiro Iwamatsu <email address hidden>  Fri, 15 Jul 2011 11:47:49 +0900

libpng (1.2.44-3) unstable; urgency=high
  * Fixed 1-byte uninitialized memory reference in png_format_buffer()    Fix CVE-2011-2501    Add debian/patches/02-632786-CVE-2011-2501.patch    Closes: 632786  * Standards version is 3.9.2  * Fix xc-package-type-in-debian-control  * Fix debian-rules-missing-recommended-target -- Anibal Monsalve Salazar <email address hidden>  Wed, 06 Jul 2011 10:04:32 +1000

libpng (1.2.44-2) unstable; urgency=low
  * debian/libpng3.links: fix up the compat symlink to point to /lib    Patch by Steve Langasek    Closes: #579074, LP: #284325 -- Anibal Monsalve Salazar <email address hidden>  Sun, 13 Mar 2011 14:40:33 +1100

libpng (1.2.44-1) unstable; urgency=low


  * New upstream release 
    Stop memory leak when reading a malformed sCAL chunk

 -- Anibal Monsalve Salazar <email address hidden>  Sat, 26 Jun 2010 13:32:43 +1000