lp:ubuntu/dapper-updates/libpng
- Get this branch:
- bzr branch lp:ubuntu/dapper-updates/libpng
Branch merges
Branch information
Recent revisions
- 11. By Marc Deslauriers
-
* SECURITY UPDATE: arbitrary code execution from additional data row via
malformed PNG image
- pngpread.c: check for unexpected data after the last row.
- patch backported from 1.2.44
- CVE-2010-1205
* SECURITY UPDATE: denial of service via memory leak from malformed sCAL
chunks
- pngrutil.c: properly free memory
- patch backported from 1.2.44
- CVE-2010-2249 - 10. By Marc Deslauriers
-
* SECURITY UPDATE: denial of service via decompression bomb (LP: #533140)
- pngrutil.c: use new two-pass decompression method backported from
1.2.43
- CVE-2010-0205
* SECURITY UPDATE: information disclosure via 1-bit interlaced images
- pngrutil.c: initialize memory if interlaced
- CVE-2009-2042 - 9. By Jamie Strandboge
-
* SECURITY UPDATE: denial of service and possible execution of arbitrary
code via crafted image (LP: #338027)
- patch applied inline: initialize pointers in pngread.c, pngrtans.c,
pngset.c and example.c
- CVE-2009-0040
* SECURITY UPDATE: denial of service and possible execution of arbitrary
code via crafted image (LP: #217128)
- patch applied inline: initialize "unknown" chunks in pngpread.c,
pngrutil.c and pngset.c
- CVE-2008-1382
* SECURITY UPDATE: denial of service via off-by-one error
- patch applied inline: shorten tIME_string to 29 bytes in pngtest.c
- CVE-2008-3964
* SECURITY UPDATE: denial of service via incorrect memory assignment
(LP: #324258)
- patch applied inline: update pngwutil.c to properly set new_key to NULL
string
- CVE-2008-5907 - 8. By Jamie Strandboge
-
* SECURITY UPDATE: denial of service via a crafted PNG image
* fix for pngpread.c and pngrutil.c to properly do bounds checking on read
operations
* References
CVE-2007-5269 - 7. By Kees Cook
-
* SECURITY UPDATE: denial of service via crafted CRC.
* pngrutil.c: upstream fixes applied inline.
* References
CVE-2007-2445 - 6. By Kees Cook
-
* SECURITY UPDATE: some PNGs could cause out-of-bounds heap reads,
crashing the application using libpng.
* Add 'debian/patch/ubuntu_ 01_splt_ overflow. patch': correct png_set_sPLT
to allocate correct structure.
* References
http://bugs.gentoo. org/show_ bug.cgi? id=154380
CVE-2006-5793 - 5. By Josselin Mouette <email address hidden>
-
* drop_pass_
width.patch: don't export png_pass_width, it's absolutely
unnecessary.
* libpng12-0.shlibs: downgrade the shlibs accordingly
(closes: #331383). - 3. By Josselin Mouette <email address hidden>
-
* New upstream release.
* libpng10-0.shlibs: update to version 1.0.18, new flags were added. - 2. By Josselin Mouette <email address hidden>
-
* pngrtran.c: applied upstream patch 4 to fix incorrect calculation of
buffer offsets [CAN-2004-0768].
* png.h, pngpread.c, pngrutil.c: patch from Chris Evans
<email address hidden> to fix several vulnerabilities (closes: #263496):
+ libpng fails to properly check length on PNG data [CAN-2004-0597].
+ libpng "png_handle_sBIT" does not perform proper checks to avoid stack
buffer overflow [CAN-2004-0597].
+ libpng "png_handle_iCCP" possible NULL-pointer crash
[CAN-2004-0598] .
+ libpng "png_handle_sPLT" possible integer overflow
[CAN-2004-0599] .
+ libpng "png_read_png" does not properly handle a PNG with excessive
height (integer overflow) [CAN-2004-0599].
+ libpng progressive reading integer overflow [CAN-2004-0599].
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:ubuntu/karmic/libpng