Comment 9 for bug 7306

In , Josselin Mouette (joss) wrote : Bug#263500: fixed in libpng3 1.2.5.0-7

Source: libpng3
Source-Version: 1.2.5.0-7

We believe that the bug you reported is fixed in the latest version of
libpng3, which is due to be installed in the Debian FTP archive:

libpng12-0-udeb_1.2.5.0-7_i386.udeb
  to pool/main/libp/libpng3/libpng12-0-udeb_1.2.5.0-7_i386.udeb
libpng12-0_1.2.5.0-7_i386.deb
  to pool/main/libp/libpng3/libpng12-0_1.2.5.0-7_i386.deb
libpng12-dev_1.2.5.0-7_i386.deb
  to pool/main/libp/libpng3/libpng12-dev_1.2.5.0-7_i386.deb
libpng3-dev_1.2.5.0-7_all.deb
  to pool/main/libp/libpng3/libpng3-dev_1.2.5.0-7_all.deb
libpng3_1.2.5.0-7.diff.gz
  to pool/main/libp/libpng3/libpng3_1.2.5.0-7.diff.gz
libpng3_1.2.5.0-7.dsc
  to pool/main/libp/libpng3/libpng3_1.2.5.0-7.dsc
libpng3_1.2.5.0-7_all.deb
  to pool/main/libp/libpng3/libpng3_1.2.5.0-7_all.deb

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to <email address hidden>,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Josselin Mouette <email address hidden> (supplier of updated libpng3 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing <email address hidden>)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Thu, 5 Aug 2004 12:37:32 +0200
Source: libpng3
Binary: libpng3-dev libpng12-dev libpng12-0 libpng12-0-udeb libpng3
Architecture: source all i386
Version: 1.2.5.0-7
Distribution: unstable
Urgency: high
Maintainer: Josselin Mouette <email address hidden>
Changed-By: Josselin Mouette <email address hidden>
Description:
 libpng12-0 - PNG library - runtime
 libpng12-0-udeb - PNG library - minimal runtime library (udeb)
 libpng12-dev - PNG library - development
 libpng3 - PNG library - runtime
 libpng3-dev - PNG library - development, compatibility package
Closes: 263500
Changes:
 libpng3 (1.2.5.0-7) unstable; urgency=high
 .
   * pngrtran.c: applied upstream patch 4 to fix incorrect calculation of
     buffer offsets [CAN-2004-0768].
   * png.h, pngpread.c, pngrutil.c: patch from Chris Evans
     <email address hidden> to fix several vulnerabilities (closes: #263500):
     + libpng fails to properly check length on PNG data [CAN-2004-0597].
     + libpng "png_handle_sBIT" does not perform proper checks to avoid stack
       buffer overflow [CAN-2004-0597].
     + libpng "png_handle_iCCP" possible NULL-pointer crash
       [CAN-2004-0598].
     + libpng "png_handle_sPLT" possible integer overflow
       [CAN-2004-0599].
     + libpng "png_read_png" does not properly handle a PNG with excessive
       height (integer overflow) [CAN-2004-0599].
     + libpng progressive reading integer overflow [CAN-2004-0599].
Files:
 156ff5587d1ca56c3a3c1ec8c8238138 635 libs optional libpng3_1.2.5.0-7.dsc
 688f6347dbee0df26e23705185502bca 13820 libs optional libpng3_1.2.5.0-7.diff.gz
 c6664206b2830de36ca68835b46f5097 940 libs optional libpng3_1.2.5.0-7_all.deb
 2cf77494dd1af5cb1731feed361ebb95 934 libdevel optional libpng3-dev_1.2.5.0-7_all.deb
 713dfd2e484f2d762d6864f024ff5eff 110100 libs optional libpng12-0_1.2.5.0-7_i386.deb
 83d090e3cc2782f054aa4680ef3711fa 238510 libdevel optional libpng12-dev_1.2.5.0-7_i386.deb
 4ca10db90ca9d491ce26b8094a8e0ce1 71140 debian-installer optional libpng12-0-udeb_1.2.5.0-7_i386.udeb
package-type: udeb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)

iD8DBQFBEhQRrSla4ddfhTMRAroiAKCc8R1qMK+4AZEd1bhZT5b7krtjHwCfVY5z
/yAj+zrbkAfBgBNzAlgfu60=
=UbVb
-----END PGP SIGNATURE-----