Sync libpng 1.2.35-1 (main) from Debian unstable (main).
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
libpng (Ubuntu) |
Fix Released
|
Wishlist
|
Jamie Strandboge |
Bug Description
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
affects ubuntu/libpng
status confirmed
importance wishlist
subscribe ubuntu-archive
Please sync libpng 1.2.35-1 (main) from Debian unstable (main).
Explanation of the Ubuntu delta and why it can be dropped:
Ubuntu changes can be dropped as the CVE fixes are in Debian and the ECHO
fix was incorporated in 1.2.29
Changelog since current karmic version 1.2.27-2ubuntu2:
libpng (1.2.35-1) unstable; urgency=high
* New upstream release
- http://
Fix a vulnerability reported by Tavis Ormandy in which
some arrays of pointers are not initialized prior to using
"malloc" to define the pointers.
Closes: #516256
- http://
The png_check_keyword function in pngwutil.c in libpng, might
allow context-dependent attackers to set the value of an
arbitrary memory location to zero via vectors involving
creation of crafted PNG files with keywords, related to an
implicit cast of the '\0' character constant to a NULL pointer.
* Don't build libpng3 when binary-indep target is not called.
Closes: #486415
-- Anibal Monsalve Salazar <email address hidden> Sat, 21 Feb 2009 15:50:52 +1100
libpng (1.2.33-2) unstable; urgency=low
* Fix the following lintian issues:
W: libpng12-0: copyright-
-- Anibal Monsalve Salazar <email address hidden> Mon, 16 Feb 2009 11:32:17 +1100
libpng (1.2.33-1) experimental; urgency=low
* New upstream release
- Fix memory leak after reading a malformed tEXt chunk
-- Anibal Monsalve Salazar <email address hidden> Sat, 01 Nov 2008 17:21:56 +1100
libpng (1.2.32-1) experimental; urgency=low
* New upstream release
- libpng.pc is configured to do static linking; closes: #483477
- use autoconf variables in .pc and libpng-config; closes: #483478
* Remove debian/
-- Anibal Monsalve Salazar <email address hidden> Sun, 05 Oct 2008 08:20:20 +1100
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (GNU/Linux)
iEYEARECAAYFAko
/dEAn3KkInddVZ8
=A0jZ
-----END PGP SIGNATURE-----
[Updating] libpng (1.2.27-2ubuntu2 [Ubuntu] < 1.2.35-1 [Debian]) 1.2.35- 1.dsc: downloading from http:// ftp.debian. org/debian/> 1.2.35. orig.tar. gz: downloading from http:// ftp.debian. org/debian/> 1.2.35- 1.diff. gz: downloading from http:// ftp.debian. org/debian/> 0_1.2.27- 2ubuntu2 [main]. dev_1.2. 27-2ubuntu2 [main]. 1.2.27- 2ubuntu2 [universe]. 0-udeb_ 1.2.27- 2ubuntu2 [main].
* Trying to add libpng...
- <libpng_
- <libpng_
- <libpng_
I: libpng [main] -> libpng12-
I: libpng [main] -> libpng12-
I: libpng [main] -> libpng3_
I: libpng [main] -> libpng12-