Ubuntu
libpng package

lp:ubuntu/intrepid-security/libpng

  1. Intrepid (8.10)
  2. intrepid-security
Created by James Westby and last modified
Get this branch:
bzr branch lp:ubuntu/intrepid-security/libpng
Members of Ubuntu branches can upload to this branch. Log in for directions.

Branch merges

Related bugs

Related blueprints

Branch information

Owner:
Ubuntu branches
Review team:
Ubuntu Development Team
Status:
Development

Recent revisions

16. By Marc Deslauriers

* SECURITY UPDATE: denial of service via decompression bomb (LP: #533140)
  - debian/patches/03-CVE-2010-0205.patch: use new two-pass decompression
    method in pngrutil.c.
  - CVE-2010-0205
* SECURITY UPDATE: information disclosure via 1-bit interlaced images
  - debian/patches/04-CVE-2009-2042.patch: initialize memory in
    pngrutil.c.
  - CVE-2009-2042

15. By Jamie Strandboge

* SECURITY UPDATE: denial of service and possible execution of arbitrary
  code via crafted image (LP: #338027)
  - debian/patches/02-CVE-2009-0040.diff: initialize pointers in pngread.c,
    pngrtans.c, pngset.c and example.c
  - CVE-2009-0040
* SECURITY UPDATE: denial of service via off-by-one error
  - debian/patches/02-CVE-2008-3964.diff: shorten tIME_string to 29 bytes in
    pngtest.c
  - CVE-2008-3964
* SECURITY UPDATE: denial of service via incorrect memory assignment
  (LP: #324258)
  - debian/patches/02-CVE-2008-5907.diff: update pngwutil.c to properly set
    new_key to NULL string
  - CVE-2008-5907
* debian/rules: Work around missing definition of ECHO. Backported from
  1.2.27-2ubuntu1

14. By Anibal Monsalve Salazar

* New upstream release
* Patches merged upstream:
  debian/patches/02-476669-CVE-2008-1382.diff
  debian/patches/03-404514-png.5.diff
* Run ./autogen.sh

13. By Anibal Monsalve Salazar

* ACKed NMU.
* Fixed out-of-bounds read operations triggered by crafted
  png image files (CVE-2007-5269) (Closes: #446308).

12. By LaMont Jones

Trigger rebuild for hppa

11. By Anibal Monsalve Salazar

* It seems that a grayscale image with a malformed (bad CRC) tRNS
  chunk will crash libpng and mozilla. Closes: #424729.
  - CVE-2007-2445
    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2007-2445
  - CERT Vulnerability Note VU#684664
    http://www.kb.cert.org/vuls/id/684664

10. By Anibal Monsalve Salazar

* Applied legacy_symbols.patch.
* Changed shlibs dependecy versions to ">= 1.2.13-4".
* libpng12-0: Added the following conflicts: mzscheme (<= 1:209-5),
  pngcrush (<= 1.5.10-2), pngmeta (<= 1.11-3), qemacs (<= 0.3.1-5),
  povray-3.5 (<= 3.5.0c-10).

9. By Anibal Monsalve Salazar

* New upstream release.
  - Fixed asm API functions not exported on amd64. Closes: #401044.
  - Fixed "libpng hangs when saving profile". Closes: #401423.
* Fixed "Incorrect shlibs information". Closes: #401465.
* Removed patches for png.h and pngconf.h.
* Updated debian/watch.

8. By Anibal Monsalve Salazar

Removed drop_pass_width patch. Closes: #399499.

7. By Anibal Monsalve Salazar

* New maintainer. Closes: #393109.
* ACK NMUs. Closes: #378463, #377298, #356252.
* debian/control:
  - set Standards-Version to 3.7.2.
  - set Priority to extra for libpng12-0-udeb.
  - added ${misc:Depends} to libpng12-0 and libpng12-0-udeb
    dependency lists.
* Added debian/watch file.

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
lp:ubuntu/karmic/libpng
This branch contains Public information 
Everyone can see this information.

Subscribers