lp:ubuntu/dapper-updates/libpng

Branch merges

Propose for merging

No branches dependent on this one.

Related source package recipes

No recipes using this branch. (?)

Create packaging recipe

Related snap packages

Related bugs

Related blueprints

11. By Marc Deslauriers on 2010-07-05

* SECURITY UPDATE: arbitrary code execution from additional data row via
  malformed PNG image
  - pngpread.c: check for unexpected data after the last row.
  - patch backported from 1.2.44
  - CVE-2010-1205
* SECURITY UPDATE: denial of service via memory leak from malformed sCAL
  chunks
  - pngrutil.c: properly free memory
  - patch backported from 1.2.44
  - CVE-2010-2249

10. By Marc Deslauriers on 2010-03-15

* SECURITY UPDATE: denial of service via decompression bomb (LP: #533140)
  - pngrutil.c: use new two-pass decompression method backported from
    1.2.43
  - CVE-2010-0205
* SECURITY UPDATE: information disclosure via 1-bit interlaced images
  - pngrutil.c: initialize memory if interlaced
  - CVE-2009-2042

9. By Jamie Strandboge on 2009-03-05

* SECURITY UPDATE: denial of service and possible execution of arbitrary
  code via crafted image (LP: #338027)
  - patch applied inline: initialize pointers in pngread.c, pngrtans.c,
    pngset.c and example.c
  - CVE-2009-0040
* SECURITY UPDATE: denial of service and possible execution of arbitrary
  code via crafted image (LP: #217128)
  - patch applied inline: initialize "unknown" chunks in pngpread.c,
    pngrutil.c and pngset.c
  - CVE-2008-1382
* SECURITY UPDATE: denial of service via off-by-one error
  - patch applied inline: shorten tIME_string to 29 bytes in pngtest.c
  - CVE-2008-3964
* SECURITY UPDATE: denial of service via incorrect memory assignment
  (LP: #324258)
  - patch applied inline: update pngwutil.c to properly set new_key to NULL
    string
  - CVE-2008-5907

8. By Jamie Strandboge on 2007-10-24

* SECURITY UPDATE: denial of service via a crafted PNG image
* fix for pngpread.c and pngrutil.c to properly do bounds checking on read
  operations
* References
  CVE-2007-5269

7. By Kees Cook on 2007-06-11

* SECURITY UPDATE: denial of service via crafted CRC.
* pngrutil.c: upstream fixes applied inline.
* References
  CVE-2007-2445

6. By Kees Cook on 2006-11-15

* SECURITY UPDATE: some PNGs could cause out-of-bounds heap reads,
  crashing the application using libpng.
* Add 'debian/patch/ubuntu_01_splt_overflow.patch': correct png_set_sPLT
  to allocate correct structure.
* References
  http://bugs.gentoo.org/show_bug.cgi?id=154380
  CVE-2006-5793

5. By Josselin Mouette <email address hidden> on 2005-10-03

* drop_pass_width.patch: don't export png_pass_width, it's absolutely
  unnecessary.
* libpng12-0.shlibs: downgrade the shlibs accordingly
  (closes: #331383).

4. By Matthias Klose on 2005-08-22

Drop the gcc-3.3 build dependency as well.

3. By Josselin Mouette <email address hidden> on 2004-12-04

* New upstream release.
* libpng10-0.shlibs: update to version 1.0.18, new flags were added.

2. By Josselin Mouette <email address hidden> on 2004-08-05

* pngrtran.c: applied upstream patch 4 to fix incorrect calculation of
  buffer offsets [CAN-2004-0768].
* png.h, pngpread.c, pngrutil.c: patch from Chris Evans
  <email address hidden> to fix several vulnerabilities (closes: #263496):
  + libpng fails to properly check length on PNG data [CAN-2004-0597].
  + libpng "png_handle_sBIT" does not perform proper checks to avoid stack
    buffer overflow [CAN-2004-0597].
  + libpng "png_handle_iCCP" possible NULL-pointer crash
    [CAN-2004-0598].
  + libpng "png_handle_sPLT" possible integer overflow
    [CAN-2004-0599].
  + libpng "png_read_png" does not properly handle a PNG with excessive
    height (integer overflow) [CAN-2004-0599].
  + libpng progressive reading integer overflow [CAN-2004-0599].