lp:ubuntu/maverick-updates/libpng

Created by Ubuntu Package Importer on 2011-07-26 and last modified on 2012-04-05
Get this branch:
bzr branch lp:ubuntu/maverick-updates/libpng
Members of Ubuntu branches can upload to this branch. Log in for directions.

Branch merges

Related bugs

Related blueprints

Branch information

Owner:
Ubuntu branches
Review team:
Ubuntu Development Team
Status:
Mature

Recent revisions

31. By Marc Deslauriers on 2012-04-05

* SECURITY UPDATE: denial of service and possible code execution via
  memory corruption issue.
  - debian/patches/CVE-2011-3048.patch: correctly restore to previous
    condition in pngset.c.
  - CVE-2011-3048

30. By Marc Deslauriers on 2012-03-21

* SECURITY UPDATE: denial of service and possible code execution via
  incorrect type.
  - debian/patches/06-CVE-2011-3045.patch: use correct type, properly
    handle odd chunk lengths, fix off-by-one in pngrutil.c.
  - CVE-2011-3045

29. By Jamie Strandboge on 2012-02-15

* SECURITY UPDATE: fix integer overflow / truncation
  - debian/patches/05-CVE-2011-3026.patch: adjust pngrutil.c to verify size
    when allocating memory in png_decompress_chunk()
  - CVE-2011-3026

28. By Marc Deslauriers on 2011-07-26

* SECURITY UPDATE: denial of service via error message data
  - debian/patches/02-CVE-2011-2501.patch: correctly calculate length in
    pngerror.c.
  - CVE-2011-2501
* SECURITY UPDATE: denial of service and possible arbitrary code
  execution via crafted PNG image
  - debian/patches/03-CVE-2011-2690.patch: validate coefficients in
    pngrtran.c.
  - CVE-2011-2690
* SECURITY UPDATE: denial of service and possible arbitrary code
  execution via invalid sCAL chunks
  - debian/patches/04-CVE-2011-2692.patch: check sCAL chunk length in
    pngrutil.c.
  - CVE-2011-2692

27. By Anibal Monsalve Salazar on 2010-06-26

New upstream release
Stop memory leak when reading a malformed sCAL chunk

26. By Anibal Monsalve Salazar on 2010-03-03

* New upstream release
* Fix CVE-2010-0205 and Cert VU#576029
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0205
  https://www.kb.cert.org/vuls/id/576029
  Do not stall and consume large quantities of memory while processing
  certain Portable Network Graphics (PNG) files
  Closes: 572308

25. By Marc Deslauriers on 2010-03-11

* SECURITY UPDATE: denial of service via decompression bomb (LP: #533140)
  - debian/patches/02-CVE-2010-0205.patch: use new two-pass decompression
    method in pngrutil.c.
  - CVE-2010-0205

24. By Steve Langasek on 2010-01-28

* Merge from Debian testing. Remaining changes:
  - Move libpng from /usr/lib to /lib, so that plymouth is usable on
    systems with a separate /usr.

23. By Steve Langasek on 2010-01-25

Move libpng from /usr/lib to /lib, so that plymouth is usable on systems
with a separate /usr.

22. By Anibal Monsalve Salazar on 2009-12-04

* New upstream release
* Debian source format is 3.0 (quilt)
* Update debian/watch
* Add 02-export-png_set_strip_error_numbers.patch
  Define PNG_ERROR_NUMBERS_SUPPORTED
  Upstream doesn't define PNG_ERROR_NUMBERS_SUPPORTED since 1.2.41. As
  a consecuence, the symbol png_set_strip_error_numbe@@PNG12_0 wasn't
  exported.

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
lp:ubuntu/oneiric/libpng
This branch contains Public information 
Everyone can see this information.

Subscribers