-
libpng (1.2.44-1ubuntu3.4) natty-security; urgency=low
* SECURITY UPDATE: denial of service and possible code execution via
memory corruption issue.
- debian/patches/CVE-2011-3048.patch: correctly restore to previous
condition in pngset.c.
- CVE-2011-3048
-- Marc Deslauriers <email address hidden> Thu, 05 Apr 2012 08:40:00 -0400
-
libpng (1.2.44-1ubuntu3.3) natty-security; urgency=low
* SECURITY UPDATE: denial of service and possible code execution via
incorrect type.
- debian/patches/06-CVE-2011-3045.patch: use correct type, properly
handle odd chunk lengths, fix off-by-one in pngrutil.c.
- CVE-2011-3045
-- Marc Deslauriers <email address hidden> Wed, 21 Mar 2012 13:21:56 -0400
-
libpng (1.2.44-1ubuntu3.2) natty-security; urgency=low
* SECURITY UPDATE: fix integer overflow / truncation
- debian/patches/05-CVE-2011-3026.patch: adjust pngrutil.c to verify size
when allocating memory in png_decompress_chunk()
- CVE-2011-3026
-- Jamie Strandboge <email address hidden> Wed, 15 Feb 2012 21:16:54 -0600
-
libpng (1.2.44-1ubuntu3.1) natty-security; urgency=low
* SECURITY UPDATE: denial of service via error message data
- debian/patches/02-CVE-2011-2501.patch: correctly calculate length in
pngerror.c.
- CVE-2011-2501
* SECURITY UPDATE: denial of service and possible arbitrary code
execution via crafted PNG image
- debian/patches/03-CVE-2011-2690.patch: validate coefficients in
pngrtran.c.
- CVE-2011-2690
* SECURITY UPDATE: denial of service and possible arbitrary code
execution via invalid sCAL chunks
- debian/patches/04-CVE-2011-2692.patch: check sCAL chunk length in
pngrutil.c.
- CVE-2011-2692
-- Marc Deslauriers <email address hidden> Tue, 26 Jul 2011 08:29:58 -0400
-
libpng (1.2.44-1ubuntu3) natty; urgency=low
* Build for multiarch. Requires converting libpng3 from Arch: all to
Arch: any.
* Drop debian/libpng12-0-udeb.dirs, which just adds a pointless empty
directory to the udeb.
-- Steve Langasek <email address hidden> Sat, 19 Mar 2011 17:51:38 -0700
-
libpng (1.2.44-1ubuntu2) natty; urgency=low
* Really fix debian/libpng3.links; the symlink goes in /usr/lib and the
target in /lib, not the other way around.
-- Steve Langasek <email address hidden> Sun, 27 Feb 2011 11:21:08 -0800
-
libpng (1.2.44-1ubuntu1) natty; urgency=low
* debian/libpng3.links: fix up the compat symlink to point to /lib.
Closes: #579074, LP: #284325.
-- Steve Langasek <email address hidden> Sat, 22 Jan 2011 13:21:17 -0800
-
libpng (1.2.44-1) unstable; urgency=low
* New upstream release
Stop memory leak when reading a malformed sCAL chunk
-- Michael Bienia <email address hidden> Sat, 26 Jun 2010 13:32:43 +1000