Ubuntu
libpng package

Change logs for libpng source package in Natty

  1. Natty (11.04)
  2. Change log 
  • libpng (1.2.44-1ubuntu3.4) natty-security; urgency=low

  * SECURITY UPDATE: denial of service and possible code execution via
    memory corruption issue.
    - debian/patches/CVE-2011-3048.patch: correctly restore to previous
      condition in pngset.c.
    - CVE-2011-3048
 -- Marc Deslauriers <email address hidden>   Thu, 05 Apr 2012 08:40:00 -0400
  • libpng (1.2.44-1ubuntu3.3) natty-security; urgency=low

  * SECURITY UPDATE: denial of service and possible code execution via
    incorrect type.
    - debian/patches/06-CVE-2011-3045.patch: use correct type, properly
      handle odd chunk lengths, fix off-by-one in pngrutil.c.
    - CVE-2011-3045
 -- Marc Deslauriers <email address hidden>   Wed, 21 Mar 2012 13:21:56 -0400
  • libpng (1.2.44-1ubuntu3.2) natty-security; urgency=low

  * SECURITY UPDATE: fix integer overflow / truncation
    - debian/patches/05-CVE-2011-3026.patch: adjust pngrutil.c to verify size
      when allocating memory in png_decompress_chunk()
    - CVE-2011-3026
 -- Jamie Strandboge <email address hidden>   Wed, 15 Feb 2012 21:16:54 -0600
  • libpng (1.2.44-1ubuntu3.1) natty-security; urgency=low

  * SECURITY UPDATE: denial of service via error message data
    - debian/patches/02-CVE-2011-2501.patch: correctly calculate length in
      pngerror.c.
    - CVE-2011-2501
  * SECURITY UPDATE: denial of service and possible arbitrary code
    execution via crafted PNG image
    - debian/patches/03-CVE-2011-2690.patch: validate coefficients in
      pngrtran.c.
    - CVE-2011-2690
  * SECURITY UPDATE: denial of service and possible arbitrary code
    execution via invalid sCAL chunks
    - debian/patches/04-CVE-2011-2692.patch: check sCAL chunk length in
      pngrutil.c.
    - CVE-2011-2692
 -- Marc Deslauriers <email address hidden>   Tue, 26 Jul 2011 08:29:58 -0400
  • libpng (1.2.44-1ubuntu3) natty; urgency=low

  * Build for multiarch.  Requires converting libpng3 from Arch: all to
    Arch: any.
  * Drop debian/libpng12-0-udeb.dirs, which just adds a pointless empty
    directory to the udeb.
 -- Steve Langasek <email address hidden>   Sat, 19 Mar 2011 17:51:38 -0700
  • libpng (1.2.44-1ubuntu2) natty; urgency=low

  * Really fix debian/libpng3.links; the symlink goes in /usr/lib and the
    target in /lib, not the other way around.
 -- Steve Langasek <email address hidden>   Sun, 27 Feb 2011 11:21:08 -0800
  • libpng (1.2.44-1ubuntu1) natty; urgency=low

  * debian/libpng3.links: fix up the compat symlink to point to /lib.
    Closes: #579074, LP: #284325.
 -- Steve Langasek <email address hidden>   Sat, 22 Jan 2011 13:21:17 -0800
  • libpng (1.2.44-1) unstable; urgency=low

  * New upstream release
    Stop memory leak when reading a malformed sCAL chunk
 -- Michael Bienia <email address hidden>   Sat, 26 Jun 2010 13:32:43 +1000