lp:ubuntu/hardy-security/libpng
- Get this branch:
- bzr branch lp:ubuntu/hardy-security/libpng
Branch merges
Branch information
Recent revisions
- 20. By Marc Deslauriers
-
* SECURITY UPDATE: denial of service and possible code execution via
memory corruption issue.
- pngset.c: correctly restore to previous condition.
- Patch from Debian's 1.2.44-1+squeeze4 update
- CVE-2011-3048 - 19. By Marc Deslauriers
-
* SECURITY UPDATE: denial of service and possible code execution via
incorrect type.
- pngrutil.c: use correct type, properly handle odd chunk lengths, fix
off-by-one.
- http://libpng. git.sourceforge .net/git/ gitweb. cgi?p=libpng/ libpng; a=commit; h=13f12476543c4 ada693b4cb47403 9d5cf3389ed1
- http://libpng. git.sourceforge .net/git/ gitweb. cgi?p=libpng/ libpng; a=commit; h=a8c319a2b281a f68f7ca0e2f9a28 ca57b44ceb2b
- CVE-2011-3045 - 18. By Jamie Strandboge
-
* SECURITY UPDATE: fix integer overflow / truncation
- adjust pngrutil.c to verify size when allocating memory in
png_decompress_ chunk()
- http://src.chromium. org/viewvc/ chrome/ branches/ 963/src/ third_party/ libpng/ pngrutil. c?view= patch&r1= 121492& r2=121491& pathrev= 121492
- CVE-2011-3026
* SECURITY UPDATE: Reject attempt to write iCCP chunk with negative embedded
profile length
- adjust pngwutil.c to verify that embedded_profile_ len is not negative in
png_write_iCCP( )
- http://libpng. git.sourceforge .net/git/ gitweb. cgi?p=libpng/ libpng; a=commitdiff; h=9e88fcd58c8ce 7f2183bc2045e51 80cba0043f09# patch19
- CVE-2009-5063 - 17. By Marc Deslauriers
-
* SECURITY UPDATE: denial of service and possible arbitrary code
execution via crafted PNG image
- pngrtran.c: validate coefficients.
- http://libpng. git.sourceforge .net/git/ gitweb. cgi?p=libpng/ libpng; a=commit; h=d572394c2a018 ef22e9685ac189f 5f05c08ea6f5
- CVE-2011-2690
* SECURITY UPDATE: denial of service and possible arbitrary code
execution via invalid sCAL chunks
- pngrutil.c: check sCAL chunk length.
- http://libpng. git.sourceforge .net/git/ gitweb. cgi?p=libpng/ libpng; a=commit; h=61a2d8a2a7b03 023e63eae9a3e64 607aaaa6d339
- CVE-2011-2692 - 16. By Marc Deslauriers
-
* SECURITY UPDATE: arbitrary code execution from additional data row via
malformed PNG image
- pngpread.c: check for unexpected data after the last row.
- patch backported from 1.2.44
- CVE-2010-1205
* SECURITY UPDATE: denial of service via memory leak from malformed sCAL
chunks
- pngrutil.c: properly free memory
- patch backported from 1.2.44
- CVE-2010-2249 - 15. By Marc Deslauriers
-
* SECURITY UPDATE: denial of service via decompression bomb (LP: #533140)
- pngrutil.c: use new two-pass decompression method backported from
1.2.43
- CVE-2010-0205
* SECURITY UPDATE: information disclosure via 1-bit interlaced images
- pngrutil.c: initialize memory if interlaced
- CVE-2009-2042 - 14. By Jamie Strandboge
-
* SECURITY UPDATE: denial of service and possible execution of arbitrary
code via crafted image (LP: #338027)
- initialize pointers in pngread.c, pngrtans.c, pngset.c and example.c
- CVE-2009-0040
* SECURITY UPDATE: denial of service and possible execution of arbitrary
code via crafted image (LP: #217128)
- initialize "unknown" chunks in pngpread.c, pngrutil.c and pngset.c
- CVE-2008-1382
* SECURITY UPDATE: denial of service via off-by-one error
- shorten tIME_string to 29 bytes in pngtest.c
- CVE-2008-3964
* SECURITY UPDATE: denial of service via incorrect memory assignment
(LP: #324258)
- update pngwutil.c to properly set new_key to NULL string
- CVE-2008-5907
* SECURITY UPDATE: denial of service via a crafted PNG image
- fix for pngset.c to properly check palette size in png_set_hIST
- CVE-2007-5268
* SECURITY UPDATE: denial of service via a crafted PNG image
- fix for pngpread.c and pngrutil.c to properly do bounds checking on read
operations. Previous version only had a partial fix.
- CVE-2007-5269 - 13. By Anibal Monsalve Salazar
-
* ACKed NMU.
* Fixed out-of-bounds read operations triggered by crafted
png image files (CVE-2007-5269) (Closes: #446308). - 11. By Anibal Monsalve Salazar
-
* It seems that a grayscale image with a malformed (bad CRC) tRNS
chunk will crash libpng and mozilla. Closes: #424729.
- CVE-2007-2445
http://www.cve. mitre.org/ cgi-bin/ cvename. cgi?name= 2007-2445
- CERT Vulnerability Note VU#684664
http://www.kb. cert.org/ vuls/id/ 684664
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:ubuntu/karmic/libpng