lp:ubuntu/karmic-security/libpng

Created by James Westby and last modified
Get this branch:
bzr branch lp:ubuntu/karmic-security/libpng
Members of Ubuntu branches can upload to this branch.

Branch information

Owner:
Ubuntu branches
Review team:
Ubuntu Development Team
Status:
Mature

Recent revisions

22. By Marc Deslauriers

* SECURITY UPDATE: arbitrary code execution from additional data row via
  malformed PNG image
  - debian/patches/03-CVE-2010-1205.patch: check for unexpected data
    after the last row in pngpread.c.
  - CVE-2010-1205
* SECURITY UPDATE: denial of service via memory leak from malformed sCAL
  chunks
  - debian/patches/04-CVE-2010-2249.patch: properly free memory in
    pngrutil.c.
  - CVE-2010-2249

21. By Marc Deslauriers

* SECURITY UPDATE: denial of service via decompression bomb (LP: #533140)
  - debian/patches/02-CVE-2010-0205.patch: use new two-pass decompression
    method in pngrutil.c.
  - CVE-2010-0205

20. By Anibal Monsalve Salazar

New upstream release

19. By Anibal Monsalve Salazar

* New upstream release
* Standards-Version is 3.8.1
* debhelper compat is 7
* Run dh_prep instead of dh_clean -k

18. By Anibal Monsalve Salazar

* New upstream release
  - http://secunia.com/advisories/33970/
    Fix a vulnerability reported by Tavis Ormandy in which
    some arrays of pointers are not initialized prior to using
    "malloc" to define the pointers.
    Closes: #516256
  - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5907
    The png_check_keyword function in pngwutil.c in libpng might
    allow context-dependent attackers to set the value of an
    arbitrary memory location to zero via vectors involving
    creation of crafted PNG files with keywords, related to an
    implicit cast of the '\0' character constant to a NULL pointer.
* Don't build libpng3 when binary-indep target is not called.
  Closes: #486415

17. By Jamie Strandboge

* SECURITY UPDATE: denial of service and possible execution of arbitrary
  code via crafted image (LP: #338027)
  - debian/patches/02-CVE-2009-0040.diff: initialize pointers in pngread.c,
    pngrtran.c, pngset.c and example.c
  - CVE-2009-0040
* SECURITY UPDATE: denial of service via incorrect memory assignment
  (LP: #324258)
  - debian/patches/02-CVE-2008-5907.diff: update pngwutil.c to properly set
    new_key to NULL string
  - CVE-2008-5907

16. By Matthias Klose

debian/rules: Work around missing definition of ECHO.

15. By Anibal Monsalve Salazar

* Fix CVE-2008-3964: off-by-one error in pngtest.c; closes: #501109
* Standards-Version is 3.8.0

14. By Anibal Monsalve Salazar

* New upstream release
* Patches merged upstream:
  debian/patches/02-476669-CVE-2008-1382.diff
  debian/patches/03-404514-png.5.diff
* Run ./autogen.sh

13. By Anibal Monsalve Salazar

* ACKed NMU.
* Fixed out-of-bounds read operations triggered by crafted
  png image files (CVE-2007-5269) (Closes: #446308).

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
lp:ubuntu/lucid/libpng