lp:ubuntu/jaunty-security/libpng

Created by James Westby and last modified
Get this branch:
bzr branch lp:ubuntu/jaunty-security/libpng
Members of Ubuntu branches can upload to this branch.

Branch information

Owner:
Ubuntu branches
Review team:
Ubuntu Development Team
Status:
Mature

Recent revisions

19. By Marc Deslauriers

* SECURITY UPDATE: arbitrary code execution from additional data row via
  malformed PNG image
  - debian/patches/05-CVE-2010-1205.patch: check for unexpected data
    after the last row in pngpread.c.
  - CVE-2010-1205
* SECURITY UPDATE: denial of service via memory leak from malformed sCAL
  chunks
  - debian/patches/06-CVE-2010-2249.patch: properly free memory in
    pngrutil.c.
  - CVE-2010-2249

18. By Marc Deslauriers

* SECURITY UPDATE: denial of service via decompression bomb (LP: #533140)
  - debian/patches/03-CVE-2010-0205.patch: use new two-pass decompression
    method in pngrutil.c.
  - CVE-2010-0205
* SECURITY UPDATE: information disclosure via 1-bit interlaced images
  - debian/patches/04-CVE-2009-2042.patch: initialize memory in
    pngrutil.c.
  - CVE-2009-2042

17. By Jamie Strandboge

* SECURITY UPDATE: denial of service and possible execution of arbitrary
  code via crafted image (LP: #338027)
  - debian/patches/02-CVE-2009-0040.diff: initialize pointers in pngread.c,
    pngrtans.c, pngset.c and example.c
  - CVE-2009-0040
* SECURITY UPDATE: denial of service via incorrect memory assignment
  (LP: #324258)
  - debian/patches/02-CVE-2008-5907.diff: update pngwutil.c to properly set
    new_key to NULL string
  - CVE-2008-5907

16. By Matthias Klose

debian/rules: Work around missing definition of ECHO.

15. By Anibal Monsalve Salazar

* Fix CVE-2008-3964: off-by-one error in pngtest.c; closes: #501109
* Standards-Version is 3.8.0

14. By Anibal Monsalve Salazar

* New upstream release
* Patches merged upstream:
  debian/patches/02-476669-CVE-2008-1382.diff
  debian/patches/03-404514-png.5.diff
* Run ./autogen.sh

13. By Anibal Monsalve Salazar

* ACKed NMU.
* Fixed out-of-bounds read operations triggered by crafted
  png image files (CVE-2007-5269) (Closes: #446308).

12. By LaMont Jones

Trigger rebuild for hppa

11. By Anibal Monsalve Salazar

* It seems that a grayscale image with a malformed (bad CRC) tRNS
  chunk will crash libpng and mozilla. Closes: #424729.
  - CVE-2007-2445
    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2007-2445
  - CERT Vulnerability Note VU#684664
    http://www.kb.cert.org/vuls/id/684664

10. By Anibal Monsalve Salazar

* Applied legacy_symbols.patch.
* Changed shlibs dependency versions to ">= 1.2.13-4".
* libpng12-0: Added the following conflicts: mzscheme (<= 1:209-5),
  pngcrush (<= 1.5.10-2), pngmeta (<= 1.11-3), qemacs (<= 0.3.1-5),
  povray-3.5 (<= 3.5.0c-10).

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
lp:ubuntu/lucid/libpng
This branch contains Public information 
Everyone can see this information.
