lp:ubuntu/hardy-updates/libpng

Created by James Westby and last modified
Get this branch:
bzr branch lp:ubuntu/hardy-updates/libpng
Members of Ubuntu branches can upload to this branch.

Branch information

Owner:
Ubuntu branches
Review team:
Ubuntu Development Team
Status:
Development

Recent revisions

20. By Marc Deslauriers

* SECURITY UPDATE: denial of service and possible code execution via
  memory corruption issue.
  - pngset.c: correctly restore to previous condition.
  - Patch from Debian's 1.2.44-1+squeeze4 update
  - CVE-2011-3048

19. By Marc Deslauriers

* SECURITY UPDATE: denial of service and possible code execution via
  incorrect type.
  - pngrutil.c: use correct type, properly handle odd chunk lengths, fix
    off-by-one.
  - http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=commit;h=13f12476543c4ada693b4cb474039d5cf3389ed1
  - http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=commit;h=a8c319a2b281af68f7ca0e2f9a28ca57b44ceb2b
  - CVE-2011-3045

18. By Jamie Strandboge

* SECURITY UPDATE: fix integer overflow / truncation
  - adjust pngrutil.c to verify size when allocating memory in
    png_decompress_chunk()
  - http://src.chromium.org/viewvc/chrome/branches/963/src/third_party/libpng/pngrutil.c?view=patch&r1=121492&r2=121491&pathrev=121492
  - CVE-2011-3026
* SECURITY UPDATE: Reject attempt to write iCCP chunk with negative embedded
  profile length
  - adjust pngwutil.c to verify that embedded_profile_len is not negative in
    png_write_iCCP()
  - http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=commitdiff;h=9e88fcd58c8ce7f2183bc2045e5180cba0043f09#patch19
  - CVE-2009-5063

17. By Marc Deslauriers

* SECURITY UPDATE: denial of service and possible arbitrary code
  execution via crafted PNG image
  - pngrtran.c: validate coefficients.
  - http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=commit;h=d572394c2a018ef22e9685ac189f5f05c08ea6f5
  - CVE-2011-2690
* SECURITY UPDATE: denial of service and possible arbitrary code
  execution via invalid sCAL chunks
  - pngrutil.c: check sCAL chunk length.
  - http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=commit;h=61a2d8a2a7b03023e63eae9a3e64607aaaa6d339
  - CVE-2011-2692

16. By Marc Deslauriers

* SECURITY UPDATE: arbitrary code execution from additional data row via
  malformed PNG image
  - pngpread.c: check for unexpected data after the last row.
  - patch backported from 1.2.44
  - CVE-2010-1205
* SECURITY UPDATE: denial of service via memory leak from malformed sCAL
  chunks
  - pngrutil.c: properly free memory
  - patch backported from 1.2.44
  - CVE-2010-2249

15. By Marc Deslauriers

* SECURITY UPDATE: denial of service via decompression bomb (LP: #533140)
  - pngrutil.c: use new two-pass decompression method backported from
    1.2.43
  - CVE-2010-0205
* SECURITY UPDATE: information disclosure via 1-bit interlaced images
  - pngrutil.c: initialize memory if interlaced
  - CVE-2009-2042

14. By Jamie Strandboge

* SECURITY UPDATE: denial of service and possible execution of arbitrary
  code via crafted image (LP: #338027)
  - initialize pointers in pngread.c, pngrtran.c, pngset.c and example.c
  - CVE-2009-0040
* SECURITY UPDATE: denial of service and possible execution of arbitrary
  code via crafted image (LP: #217128)
  - initialize "unknown" chunks in pngpread.c, pngrutil.c and pngset.c
  - CVE-2008-1382
* SECURITY UPDATE: denial of service via off-by-one error
  - shorten tIME_string to 29 bytes in pngtest.c
  - CVE-2008-3964
* SECURITY UPDATE: denial of service via incorrect memory assignment
  (LP: #324258)
  - update pngwutil.c to properly set new_key to NULL string
  - CVE-2008-5907
* SECURITY UPDATE: denial of service via a crafted PNG image
  - fix for pngset.c to properly check palette size in png_set_hIST
  - CVE-2007-5268
* SECURITY UPDATE: denial of service via a crafted PNG image
  - fix for pngpread.c and pngrutil.c to properly do bounds checking on read
    operations. Previous version only had a partial fix.
  - CVE-2007-5269

13. By Anibal Monsalve Salazar

* ACKed NMU.
* Fixed out-of-bounds read operations triggered by crafted
  png image files (CVE-2007-5269) (Closes: #446308).

12. By LaMont Jones

Trigger rebuild for hppa

11. By Anibal Monsalve Salazar

* It seems that a grayscale image with a malformed (bad CRC) tRNS
  chunk will crash libpng and mozilla. Closes: #424729.
  - CVE-2007-2445
    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2007-2445
  - CERT Vulnerability Note VU#684664
    http://www.kb.cert.org/vuls/id/684664

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
lp:ubuntu/karmic/libpng
This branch contains Public information 
Everyone can see this information.