Ubuntu
libpng package

Change logs for libpng source package in Maverick

  1. Maverick (10.10)
  2. Change log 
  • libpng (1.2.44-1ubuntu0.4) maverick-security; urgency=low

  * SECURITY UPDATE: denial of service and possible code execution via
    memory corruption issue.
    - debian/patches/CVE-2011-3048.patch: correctly restore to previous
      condition in pngset.c.
    - CVE-2011-3048
 -- Marc Deslauriers <email address hidden>   Thu, 05 Apr 2012 08:41:07 -0400
  • libpng (1.2.44-1ubuntu0.3) maverick-security; urgency=low

  * SECURITY UPDATE: denial of service and possible code execution via
    incorrect type.
    - debian/patches/06-CVE-2011-3045.patch: use correct type, properly
      handle odd chunk lengths, fix off-by-one in pngrutil.c.
    - CVE-2011-3045
 -- Marc Deslauriers <email address hidden>   Wed, 21 Mar 2012 13:34:30 -0400
  • libpng (1.2.44-1ubuntu0.2) maverick-security; urgency=low

  * SECURITY UPDATE: fix integer overflow / truncation
    - debian/patches/05-CVE-2011-3026.patch: adjust pngrutil.c to verify size
      when allocating memory in png_decompress_chunk()
    - CVE-2011-3026
 -- Jamie Strandboge <email address hidden>   Wed, 15 Feb 2012 21:18:29 -0600
  • libpng (1.2.44-1ubuntu0.1) maverick-security; urgency=low

  * SECURITY UPDATE: denial of service via error message data
    - debian/patches/02-CVE-2011-2501.patch: correctly calculate length in
      pngerror.c.
    - CVE-2011-2501
  * SECURITY UPDATE: denial of service and possible arbitrary code
    execution via crafted PNG image
    - debian/patches/03-CVE-2011-2690.patch: validate coefficients in
      pngrtran.c.
    - CVE-2011-2690
  * SECURITY UPDATE: denial of service and possible arbitrary code
    execution via invalid sCAL chunks
    - debian/patches/04-CVE-2011-2692.patch: check sCAL chunk length in
      pngrutil.c.
    - CVE-2011-2692
 -- Marc Deslauriers <email address hidden>   Tue, 26 Jul 2011 08:31:17 -0400
  • libpng (1.2.44-1) unstable; urgency=low

  * New upstream release
    Stop memory leak when reading a malformed sCAL chunk
 -- Michael Bienia <email address hidden>   Sat, 26 Jun 2010 13:32:43 +1000
  • libpng (1.2.43-1) unstable; urgency=high

  * New upstream release 
  * Fix CVE-2010-0205 and Cert VU#576029
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0205
    https://www.kb.cert.org/vuls/id/576029
    Do not stall and consume large quantities of memory while processing
    certain Portable Network Graphics (PNG) files
    Closes: 572308

libpng (1.2.42-2) unstable; urgency=low

  * Merge 1.2.42-1ubuntu1
    Move libpng from /usr/lib to /lib, so that plymouth is usable on
    systems with a separate /usr.
  * Fix out-of-date-standards-version
 -- Marc Deslauriers <email address hidden>   Mon,  14 Jun 2010 20:29:24 +0100
  • libpng (1.2.42-1ubuntu2) lucid; urgency=low

  * SECURITY UPDATE: denial of service via decompression bomb (LP: #533140)
    - debian/patches/02-CVE-2010-0205.patch: use new two-pass decompression
      method in pngrutil.c.
    - CVE-2010-0205
 -- Marc Deslauriers <email address hidden>   Thu, 11 Mar 2010 14:22:24 -0500