lp:debian/lenny/libpng

Related source package recipes

No recipes using this branch. (?)

Create packaging recipe

Related snap packages

Related bugs

Related blueprints

14. By Nobuhiro Iwamatsu on 2011-07-16

* Apply upstream patch to 1-byte uninitialized memory reference in
  png_format_buffer(). (Closes: #632786, CVE-2011-2501)
* Apply upstream patch to buffer overwrite in png_rgb_to_gray.
  (Closes: #633871, CVE-2011-2690)
* Apply upstream patch to crash in png_default_error due to use of
  NULL Pointer. (Closes: #633871, CVE-2011-2691)
* Apply upstream patch to memory corruption when handling empty sCAL chunks.
  (Closes: #633871, CVE-2011-2692)

13. By Giuseppe Iuculano on 2010-07-17

* Non-maintainer upload by the Security Team.
* Fixed CVE-2010-1205: Buffer overflow in pngpread.c (Closes: #587670)
* Fixed CVE-2010-2249: Memory leak in pngrutil.c

12. By Giuseppe Iuculano on 2010-04-11

* Non-maintainer upload by the Security Team.
* Fixed CVE-2009-2042: does not properly parse 1-bit interlaced images with
  width values that are not divisible by 8, which causes libpng to include
  uninitialized bits in certain rows of a PNG file and might allow remote
  attackers to read portions of sensitive memory via "out-of-bounds pixels"
  in the file (Closes: 533676)
* Fixed CVE-2010-0205: does not properly handle compressed ancillary-chunk
  data that has a disproportionately large uncompressed representation, which
  allows remote attackers to cause a denial of service (memory and CPU
  consumption, and application hang) via a crafted PNG file (Closes: #572308)

11. By Florian Weimer on 2009-03-19

Fix memory leak on CRC errors in tEXt chunks (CVE-2008-6218).

10. By Anibal Monsalve Salazar on 2006-12-20

* Applied legacy_symbols.patch.
* Changed shlibs dependecy versions to ">= 1.2.13-4".
* libpng12-0: Added the following conflicts: mzscheme (<= 1:209-5),
  pngcrush (<= 1.5.10-2), pngmeta (<= 1.11-3), qemacs (<= 0.3.1-5),
  povray-3.5 (<= 3.5.0c-10).

9. By Anibal Monsalve Salazar on 2006-12-03

* New upstream release.
  - Fixed asm API functions not exported on amd64. Closes: #401044.
  - Fixed "libpng hangs when saving profile". Closes: #401423.
* Fixed "Incorrect shlibs information". Closes: #401465.
* Removed patches for png.h and pngconf.h.
* Updated debian/watch.

8. By Anibal Monsalve Salazar on 2006-11-21

Removed drop_pass_width patch. Closes: #399499.

7. By Anibal Monsalve Salazar on 2006-10-16

* New maintainer. Closes: #393109.
* ACK NMUs. Closes: #378463, #377298, #356252.
* debian/control:
  - set Standards-Version to 3.7.2.
  - set Priority to extra for libpng12-0-udeb.
  - added ${misc:Depends} to libpng12-0 and libpng12-0-udeb
    dependency lists.
* Added debian/watch file.

6. By Frans Pop <email address hidden> on 2006-03-30

* Non Maintainer Upload (closes: #356252).
* Add support for udeb dependency resolution in shlibs file.
* Update debhelper compatibility to level 5.

5. By Josselin Mouette <email address hidden> on 2005-10-03

* drop_pass_width.patch: don't export png_pass_width, it's absolutely
  unnecessary.
* libpng12-0.shlibs: downgrade the shlibs accordingly
  (closes: #331383).