Ubuntu
libpng package

Change logs for libpng source package in Hardy

  1. Hardy (8.04)
  2. Change log 
  • libpng (1.2.15~beta5-3ubuntu0.7) hardy-security; urgency=low

  * SECURITY UPDATE: denial of service and possible code execution via
    memory corruption issue.
    - pngset.c: correctly restore to previous condition.
    - Patch from Debian's 1.2.44-1+squeeze4 update
    - CVE-2011-3048
 -- Marc Deslauriers <email address hidden>   Thu, 05 Apr 2012 08:47:42 -0400
  • libpng (1.2.15~beta5-3ubuntu0.6) hardy-security; urgency=low

  * SECURITY UPDATE: denial of service and possible code execution via
    incorrect type.
    - pngrutil.c: use correct type, properly handle odd chunk lengths, fix
      off-by-one.
    - http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=commit;h=13f12476543c4ada693b4cb474039d5cf3389ed1
    - http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=commit;h=a8c319a2b281af68f7ca0e2f9a28ca57b44ceb2b
    - CVE-2011-3045
 -- Marc Deslauriers <email address hidden>   Wed, 21 Mar 2012 13:41:22 -0400
  • libpng (1.2.15~beta5-3ubuntu0.5) hardy-security; urgency=low

  * SECURITY UPDATE: fix integer overflow / truncation
    - adjust pngrutil.c to verify size when allocating memory in
      png_decompress_chunk()
    - http://src.chromium.org/viewvc/chrome/branches/963/src/third_party/libpng/pngrutil.c?view=patch&r1=121492&r2=121491&pathrev=121492
    - CVE-2011-3026
  * SECURITY UPDATE: Reject attempt to write iCCP chunk with negative embedded
    profile length
    - adjust pngwutil.c to verify that embedded_profile_len is not negative in
      png_write_iCCP()
    - http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=commitdiff;h=9e88fcd58c8ce7f2183bc2045e5180cba0043f09#patch19
    - CVE-2009-5063
 -- Jamie Strandboge <email address hidden>   Wed, 15 Feb 2012 21:23:54 -0600
  • libpng (1.2.15~beta5-3ubuntu0.4) hardy-security; urgency=low

  * SECURITY UPDATE: denial of service and possible arbitrary code
    execution via crafted PNG image
    - pngrtran.c: validate coefficients.
    - http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=commit;h=d572394c2a018ef22e9685ac189f5f05c08ea6f5
    - CVE-2011-2690
  * SECURITY UPDATE: denial of service and possible arbitrary code
    execution via invalid sCAL chunks
    - pngrutil.c: check sCAL chunk length.
    - http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=commit;h=61a2d8a2a7b03023e63eae9a3e64607aaaa6d339
    - CVE-2011-2692
 -- Marc Deslauriers <email address hidden>   Tue, 26 Jul 2011 08:57:37 -0400
  • libpng (1.2.15~beta5-3ubuntu0.3) hardy-security; urgency=low

  * SECURITY UPDATE: arbitrary code execution from additional data row via
    malformed PNG image
    - pngpread.c: check for unexpected data after the last row.
    - patch backported from 1.2.44
    - CVE-2010-1205
  * SECURITY UPDATE: denial of service via memory leak from malformed sCAL
    chunks
    - pngrutil.c: properly free memory
    - patch backported from 1.2.44
    - CVE-2010-2249
 -- Marc Deslauriers <email address hidden>   Mon, 05 Jul 2010 13:09:25 -0400
  • libpng (1.2.15~beta5-3ubuntu0.2) hardy-security; urgency=low

  * SECURITY UPDATE: denial of service via decompression bomb (LP: #533140)
    - pngrutil.c: use new two-pass decompression method backported from
      1.2.43
    - CVE-2010-0205
  * SECURITY UPDATE: information disclosure via 1-bit interlaced images
    - pngrutil.c: initialize memory if interlaced
    - CVE-2009-2042
 -- Marc Deslauriers <email address hidden>   Mon, 15 Mar 2010 11:10:10 -0400
  • libpng (1.2.15~beta5-3ubuntu0.1) hardy-security; urgency=low

  * SECURITY UPDATE: denial of service and possible execution of arbitrary
    code via crafted image (LP: #338027)
    - initialize pointers in pngread.c, pngrtans.c, pngset.c and example.c
    - CVE-2009-0040
  * SECURITY UPDATE: denial of service and possible execution of arbitrary
    code via crafted image (LP: #217128)
    - initialize "unknown" chunks in pngpread.c, pngrutil.c and pngset.c
    - CVE-2008-1382
  * SECURITY UPDATE: denial of service via off-by-one error
    - shorten tIME_string to 29 bytes in pngtest.c
    - CVE-2008-3964
  * SECURITY UPDATE: denial of service via incorrect memory assignment
    (LP: #324258)
    - update pngwutil.c to properly set new_key to NULL string
    - CVE-2008-5907
  * SECURITY UPDATE: denial of service via a crafted PNG image
    - fix for pngset.c to properly check palette size in png_set_hIST
    - CVE-2007-5268
  * SECURITY UPDATE: denial of service via a crafted PNG image
    - fix for pngpread.c and pngrutil.c to properly do bounds checking on read
      operations. Previous version only had a partial fix.
    - CVE-2007-5269

 -- Jamie Strandboge <email address hidden>   Thu, 05 Mar 2009 06:39:46 -0600
  • libpng (1.2.15~beta5-3) unstable; urgency=high

  * ACKed NMU. 
  * Fixed out-of-bounds read operations triggered by crafted
    png image files (CVE-2007-5269) (Closes: #446308).

libpng (1.2.15~beta5-2.1) unstable; urgency=high

  * Non-maintainer upload by testing security team.
  * Fixed out-of-bounds read operations triggered by crafted
    png image files (CVE-2007-5269) (Closes: #446308).

 -- Ubuntu Archive Auto-Sync <email address hidden>   Tue,  23 Oct 2007 17:23:17 +0100
  • libpng (1.2.15~beta5-2build1) gutsy; urgency=low

  * Trigger rebuild for hppa

 -- LaMont Jones <email address hidden>   Thu, 04 Oct 2007 20:23:02 -0600