Ubuntu
libpng package

lp:ubuntu/lucid-updates/libpng

Lucid (10.04)
lucid-updates

Created by James Westby on 2010-07-08 and last modified on 2012-04-05

Get this branch:: bzr branch lp:ubuntu/lucid-updates/libpng

Members of Ubuntu branches can upload to this branch. Log in for directions.

Branch merges

No branches dependent on this one.

Related bugs

Link a bug report

Related blueprints

Branch information

Owner:: Ubuntu branches

Review team:: Ubuntu Development Team

Status:: Mature

Recent revisions

30. By Marc Deslauriers on 2012-04-05: * SECURITY UPDATE: denial of service and possible code execution via
  memory corruption issue.
  - debian/patches/CVE-2011-3048.patch: correctly restore to previous
    condition in pngset.c.
  - CVE-2011-3048
29. By Marc Deslauriers on 2012-03-21: * SECURITY UPDATE: denial of service and possible code execution via
  incorrect type.
  - debian/patches/09-CVE-2011-3045.patch: use correct type, properly
    handle odd chunk lengths, fix off-by-one in pngrutil.c.
  - CVE-2011-3045
28. By Jamie Strandboge on 2012-02-15: * SECURITY UPDATE: fix integer overflow / truncation
  - debian/patches/08-CVE-2011-3026.patch: adjust pngrutil.c to verify size
    when allocating memory in png_decompress_chunk()
  - CVE-2011-3026
27. By Marc Deslauriers on 2011-07-26: * SECURITY UPDATE: denial of service via error message data
  - debian/patches/05-CVE-2011-2501.patch: correctly calculate length in
    pngerror.c.
  - CVE-2011-2501
* SECURITY UPDATE: denial of service and possible arbitrary code
  execution via crafted PNG image
  - debian/patches/06-CVE-2011-2690.patch: validate coefficients in
    pngrtran.c.
  - CVE-2011-2690
* SECURITY UPDATE: denial of service and possible arbitrary code
  execution via invalid sCAL chunks
  - debian/patches/07-CVE-2011-2692.patch: check sCAL chunk length in
    pngrutil.c.
  - CVE-2011-2692
26. By Marc Deslauriers on 2010-07-05: * SECURITY UPDATE: arbitrary code execution from additional data row via
  malformed PNG image
  - debian/patches/03-CVE-2010-1205.patch: check for unexpected data
    after the last row in pngpread.c.
  - CVE-2010-1205
* SECURITY UPDATE: denial of service via memory leak from malformed sCAL
  chunks
  - debian/patches/04-CVE-2010-2249.patch: properly free memory in
    pngrutil.c.
  - CVE-2010-2249
25. By Marc Deslauriers on 2010-03-11: * SECURITY UPDATE: denial of service via decompression bomb (LP: #533140)
  - debian/patches/02-CVE-2010-0205.patch: use new two-pass decompression
    method in pngrutil.c.
  - CVE-2010-0205
24. By Steve Langasek on 2010-01-28: * Merge from Debian testing. Remaining changes:
- Move libpng from /usr/lib to /lib, so that plymouth is usable on
systems with a separate /usr.
23. By Steve Langasek on 2010-01-25: Move libpng from /usr/lib to /lib, so that plymouth is usable on systems
with a separate /usr.
22. By Anibal Monsalve Salazar on 2009-12-04: * New upstream release
* Debian source format is 3.0 (quilt)
* Update debian/watch
* Add 02-export-png_set_strip_error_numbers.patch
  Define PNG_ERROR_NUMBERS_SUPPORTED
  Upstream doesn't define PNG_ERROR_NUMBERS_SUPPORTED since 1.2.41. As
  a consecuence, the symbol png_set_strip_error_numbe@@PNG12_0 wasn't
  exported.
21. By Anibal Monsalve Salazar on 2009-10-07: New upstream release

Branch metadata

Branch format:: Branch format 7

Repository format:: Bazaar repository format 2a (needs bzr 1.16 or later)

Stacked on:: lp:ubuntu/maverick/libpng

This branch contains Public information

Everyone can see this information.

Subscribers

James Westby

Ubuntulibpng package