Ubuntu
libpng package

  1. Bug #338027
  2. Comment #2

Comment 2 for bug 338027

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package libpng - 1.2.15~beta5-2ubuntu0.2

---------------
libpng (1.2.15~beta5-2ubuntu0.2) gutsy-security; urgency=low

  * SECURITY UPDATE: denial of service and possible execution of arbitrary
    code via crafted image (LP: #338027)
    - initialize pointers in pngread.c, pngrtans.c, pngset.c and example.c
    - CVE-2009-0040
  * SECURITY UPDATE: denial of service and possible execution of arbitrary
    code via crafted image (LP: #217128)
    - initialize "unknown" chunks in pngpread.c, pngrutil.c and pngset.c
    - CVE-2008-1382
  * SECURITY UPDATE: denial of service via off-by-one error
    - shorten tIME_string to 29 bytes in pngtest.c
    - CVE-2008-3964
  * SECURITY UPDATE: denial of service via incorrect memory assignment
    (LP: #324258)
    - update pngwutil.c to properly set new_key to NULL string
    - CVE-2008-5907

 -- Jamie Strandboge <email address hidden> Thu, 05 Mar 2009 07:55:49 -0600