libpng (1.2.46-3ubuntu4.3) precise-security; urgency=medium
  * SECURITY UPDATE: Null pointer dereference
    - debian/patches/CVE-2016-10087.patch: fix in png.c.
    - CVE-2016-10087
 -- <email address hidden> (Leonidas S. Barbosa) Tue, 10 Jul 2018 16:56:50 -0300
-
libpng (1.2.46-3ubuntu4.2) precise-security; urgency=medium
  * SECURITY UPDATE: overflows in png_handle_zTXt(), png_handle_sPLT(),
    png_handle_pCAL(), and png_set_PLTE()
    - debian/patches/CVE-2015-8472.patch: check lengths in pngrutil.c,
      properly use info_ptr in pngset.c.
    - CVE-2015-8472
  * SECURITY UPDATE: out-of-range read in png_check_keyword()
    - debian/patches/CVE-2015-8540.patch: check key_len in pngwutil.c.
    - CVE-2015-8540
 -- Marc Deslauriers <email address hidden> Fri, 18 Dec 2015 09:54:56 -0500
-
libpng (1.2.46-3ubuntu4.1) precise-security; urgency=medium
  [ Andrew Starr-Bochicchio ]
  * SECURITY UPDATE: Multiple buffer overflows in the (1) png_set_PLTE
    and (2) png_get_PLTE (LP: #1516592).
    - debian/patches/CVE-2015-8126.diff: Prevent writing over-length
      PLTE chunk and silently truncate over-length PLTE chunk while reading.
      Backported from upstream patch.
    - CVE-2015-8126
  [ Marc Deslauriers ]
  * SECURITY UPDATE: out of bounds read in png_set_tIME
    - debian/patches/CVE-2015-7981.patch: check bounds in png.c and
      pngset.c.
    - CVE-2015-7981
  * SECURITY UPDATE: out of bounds read in png_push_read_zTXt
    - debian/patches/CVE-2012-3425.patch: check for truncated chunk in
      pngpread.c.
    - CVE-2012-3425
 -- Marc Deslauriers <email address hidden> Thu, 19 Nov 2015 08:05:59 -0500
-
libpng (1.2.46-3ubuntu4) precise; urgency=low
  * SECURITY UPDATE: denial of service and possible code execution via
    memory corruption issue.
    - debian/patches/CVE-2011-3048.patch: correctly restore to previous
      condition in pngset.c.
    - CVE-2011-3048
 -- Marc Deslauriers <email address hidden> Thu, 05 Apr 2012 08:21:56 -0400
-
libpng (1.2.46-3ubuntu3) precise; urgency=low
  * SECURITY UPDATE: denial of service and possible code execution via
    incorrect type.
    - debian/patches/CVE-2011-3045.patch: use correct type, properly handle
      odd chunk lengths, fix off-by-one in pngrutil.c.
    - CVE-2011-3045
 -- Marc Deslauriers <email address hidden> Wed, 21 Mar 2012 13:16:18 -0400
-
libpng (1.2.46-3ubuntu2) precise; urgency=low
  * SECURITY UPDATE: fix integer overflow / truncation
    - debian/patches/CVE-2011-3026.patch: adjust pngrutil.c to verify size
      when allocating memory in png_decompress_chunk()
    - CVE-2011-3026
 -- Jamie Strandboge <email address hidden> Wed, 15 Feb 2012 21:10:29 -0600
-
libpng (1.2.46-3ubuntu1) oneiric; urgency=low
  * Revert to gzip compression for libpng12-0's data tarball. Packages in
    the base system may not use bzip2.
 -- Colin Watson <email address hidden> Wed, 10 Aug 2011 21:25:16 +0100