Ubuntu
libpng package

Sync libpng 1.2.35-1 (main) from Debian unstable (main).

Bug #376673 reported by Jamie Strandboge
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
libpng (Ubuntu)
Fix Released
Wishlist
Jamie Strandboge

Bug Description

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 affects ubuntu/libpng
 status confirmed
 importance wishlist
 subscribe ubuntu-archive

Please sync libpng 1.2.35-1 (main) from Debian unstable (main).

Explanation of the Ubuntu delta and why it can be dropped:
Ubuntu changes can be dropped as the CVE fixes are in Debian and the ECHO
fix was incorporated in 1.2.29

Changelog since current karmic version 1.2.27-2ubuntu2:

libpng (1.2.35-1) unstable; urgency=high

  * New upstream release
    - http://secunia.com/advisories/33970/
      Fix a vulnerability reported by Tavis Ormandy in which
      some arrays of pointers are not initialized prior to using
      "malloc" to define the pointers.
      Closes: #516256
    - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5907
      The png_check_keyword function in pngwutil.c in libpng, might
      allow context-dependent attackers to set the value of an
      arbitrary memory location to zero via vectors involving
      creation of crafted PNG files with keywords, related to an
      implicit cast of the '\0' character constant to a NULL pointer.
  * Don't build libpng3 when binary-indep target is not called.
    Closes: #486415

 -- Anibal Monsalve Salazar <email address hidden> Sat, 21 Feb 2009 15:50:52 +1100

libpng (1.2.33-2) unstable; urgency=low

  * Fix the following lintian issues:
    W: libpng12-0: copyright-refers-to-versionless-license-file
       usr/share/common-licenses/GPL

 -- Anibal Monsalve Salazar <email address hidden> Mon, 16 Feb 2009 11:32:17 +1100

libpng (1.2.33-1) experimental; urgency=low

  * New upstream release
    - Fix memory leak after reading a malformed tEXt chunk

 -- Anibal Monsalve Salazar <email address hidden> Sat, 01 Nov 2008 17:21:56 +1100

libpng (1.2.32-1) experimental; urgency=low

  * New upstream release
    - libpng.pc is configured to do static linking; closes: #483477
    - use autoconf variables in .pc and libpng-config; closes: #483478
  * Remove debian/patches/02-501109-pngtest.c.diff; it was merged

 -- Anibal Monsalve Salazar <email address hidden> Sun, 05 Oct 2008 08:20:20 +1100

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (GNU/Linux)

iEYEARECAAYFAkoMgYgACgkQW0JvuRdL8BqLkwCfUJbO4/fjX8knguvrFsBY2Fmv
/dEAn3KkInddVZ80poPN0LGIqE+RvFpL
=A0jZ
-----END PGP SIGNATURE-----

Revision history for this message
Jamie Strandboge (jdstrand) wrote :

[Updating] libpng (1.2.27-2ubuntu2 [Ubuntu] < 1.2.35-1 [Debian])
 * Trying to add libpng...
  - <libpng_1.2.35-1.dsc: downloading from http://ftp.debian.org/debian/>
  - <libpng_1.2.35.orig.tar.gz: downloading from http://ftp.debian.org/debian/>
  - <libpng_1.2.35-1.diff.gz: downloading from http://ftp.debian.org/debian/>
I: libpng [main] -> libpng12-0_1.2.27-2ubuntu2 [main].
I: libpng [main] -> libpng12-dev_1.2.27-2ubuntu2 [main].
I: libpng [main] -> libpng3_1.2.27-2ubuntu2 [universe].
I: libpng [main] -> libpng12-0-udeb_1.2.27-2ubuntu2 [main].

Changed in libpng (Ubuntu):
assignee: nobody → Jamie Strandboge (jdstrand)
status: Confirmed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.