lp:ubuntu/jaunty-security/libpng
- Get this branch:
- bzr branch lp:ubuntu/jaunty-security/libpng
Branch merges
Branch information
Recent revisions
- 19. By Marc Deslauriers
-
* SECURITY UPDATE: arbitrary code execution from additional data row via
malformed PNG image
- debian/patches/ 05-CVE- 2010-1205. patch: check for unexpected data
after the last row in pngpread.c.
- CVE-2010-1205
* SECURITY UPDATE: denial of service via memory leak from malformed sCAL
chunks
- debian/patches/ 06-CVE- 2010-2249. patch: properly free memory in
pngrutil.c.
- CVE-2010-2249 - 18. By Marc Deslauriers
-
* SECURITY UPDATE: denial of service via decompression bomb (LP: #533140)
- debian/patches/ 03-CVE- 2010-0205. patch: use new two-pass decompression
method in pngrutil.c.
- CVE-2010-0205
* SECURITY UPDATE: information disclosure via 1-bit interlaced images
- debian/patches/ 04-CVE- 2009-2042. patch: initialize memory in
pngrutil.c.
- CVE-2009-2042 - 17. By Jamie Strandboge
-
* SECURITY UPDATE: denial of service and possible execution of arbitrary
code via crafted image (LP: #338027)
- debian/patches/ 02-CVE- 2009-0040. diff: initialize pointers in pngread.c,
pngrtans.c, pngset.c and example.c
- CVE-2009-0040
* SECURITY UPDATE: denial of service via incorrect memory assignment
(LP: #324258)
- debian/patches/ 02-CVE- 2008-5907. diff: update pngwutil.c to properly set
new_key to NULL string
- CVE-2008-5907 - 15. By Anibal Monsalve Salazar
-
* Fix CVE-2008-3964: off-by-one error in pngtest.c; closes: #501109
* Standards-Version is 3.8.0 - 14. By Anibal Monsalve Salazar
-
* New upstream release
* Patches merged upstream:
debian/patches/ 02-476669- CVE-2008- 1382.diff
debian/patches/ 03-404514- png.5.diff
* Run ./autogen.sh - 13. By Anibal Monsalve Salazar
-
* ACKed NMU.
* Fixed out-of-bounds read operations triggered by crafted
png image files (CVE-2007-5269) (Closes: #446308). - 11. By Anibal Monsalve Salazar
-
* It seems that a grayscale image with a malformed (bad CRC) tRNS
chunk will crash libpng and mozilla. Closes: #424729.
- CVE-2007-2445
http://www.cve. mitre.org/ cgi-bin/ cvename. cgi?name= 2007-2445
- CERT Vulnerability Note VU#684664
http://www.kb. cert.org/ vuls/id/ 684664 - 10. By Anibal Monsalve Salazar
-
* Applied legacy_
symbols. patch.
* Changed shlibs dependecy versions to ">= 1.2.13-4".
* libpng12-0: Added the following conflicts: mzscheme (<= 1:209-5),
pngcrush (<= 1.5.10-2), pngmeta (<= 1.11-3), qemacs (<= 0.3.1-5),
povray-3.5 (<= 3.5.0c-10).
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:ubuntu/lucid/libpng