lp:ubuntu/karmic-security/libpng
- Get this branch:
- bzr branch lp:ubuntu/karmic-security/libpng
Branch merges
Branch information
Recent revisions
- 22. By Marc Deslauriers
-
* SECURITY UPDATE: arbitrary code execution from additional data row via
malformed PNG image
- debian/patches/ 03-CVE- 2010-1205. patch: check for unexpected data
after the last row in pngpread.c.
- CVE-2010-1205
* SECURITY UPDATE: denial of service via memory leak from malformed sCAL
chunks
- debian/patches/ 04-CVE- 2010-2249. patch: properly free memory in
pngrutil.c.
- CVE-2010-2249 - 21. By Marc Deslauriers
-
* SECURITY UPDATE: denial of service via decompression bomb (LP: #533140)
- debian/patches/ 02-CVE- 2010-0205. patch: use new two-pass decompression
method in pngrutil.c.
- CVE-2010-0205 - 19. By Anibal Monsalve Salazar
-
* New upstream release
* Standards-Version is 3.8.1
* debhelper compat is 7
* Run dh_prep instead of dh_clean -k - 18. By Anibal Monsalve Salazar
-
* New upstream release
- http://secunia. com/advisories/ 33970/
Fix a vulnerability reported by Tavis Ormandy in which
some arrays of pointers are not initialized prior to using
"malloc" to define the pointers.
Closes: #516256
- http://cve.mitre. org/cgi- bin/cvename. cgi?name= CVE-2008- 5907
The png_check_keyword function in pngwutil.c in libpng, might
allow context-dependent attackers to set the value of an
arbitrary memory location to zero via vectors involving
creation of crafted PNG files with keywords, related to an
implicit cast of the '\0' character constant to a NULL pointer.
* Don't build libpng3 when binary-indep target is not called.
Closes: #486415 - 17. By Jamie Strandboge
-
* SECURITY UPDATE: denial of service and possible execution of arbitrary
code via crafted image (LP: #338027)
- debian/patches/ 02-CVE- 2009-0040. diff: initialize pointers in pngread.c,
pngrtans.c, pngset.c and example.c
- CVE-2009-0040
* SECURITY UPDATE: denial of service via incorrect memory assignment
(LP: #324258)
- debian/patches/ 02-CVE- 2008-5907. diff: update pngwutil.c to properly set
new_key to NULL string
- CVE-2008-5907 - 15. By Anibal Monsalve Salazar
-
* Fix CVE-2008-3964: off-by-one error in pngtest.c; closes: #501109
* Standards-Version is 3.8.0 - 14. By Anibal Monsalve Salazar
-
* New upstream release
* Patches merged upstream:
debian/patches/ 02-476669- CVE-2008- 1382.diff
debian/patches/ 03-404514- png.5.diff
* Run ./autogen.sh - 13. By Anibal Monsalve Salazar
-
* ACKed NMU.
* Fixed out-of-bounds read operations triggered by crafted
png image files (CVE-2007-5269) (Closes: #446308).
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:ubuntu/lucid/libpng