Ubuntu
libpng package

lp://staging/ubuntu/maverick-security/libpng

Maverick (10.10)
maverick-security

Created by Ubuntu Package Importer on 2011-07-26 and last modified on 2012-04-05

Get this branch:: bzr branch lp://staging/ubuntu/maverick-security/libpng

Members of Ubuntu branches can upload to this branch. Log in for directions.

Branch merges

No branches dependent on this one.

Related bugs

Link a bug report

Related blueprints

Branch information

Owner:: Ubuntu branches

Review team:: Ubuntu Development Team

Status:: Mature

Recent revisions

31. By Marc Deslauriers on 2012-04-05: * SECURITY UPDATE: denial of service and possible code execution via
  memory corruption issue.
  - debian/patches/CVE-2011-3048.patch: correctly restore to previous
    condition in pngset.c.
  - CVE-2011-3048
30. By Marc Deslauriers on 2012-03-21: * SECURITY UPDATE: denial of service and possible code execution via
  incorrect type.
  - debian/patches/06-CVE-2011-3045.patch: use correct type, properly
    handle odd chunk lengths, fix off-by-one in pngrutil.c.
  - CVE-2011-3045
29. By Jamie Strandboge on 2012-02-15: * SECURITY UPDATE: fix integer overflow / truncation
  - debian/patches/05-CVE-2011-3026.patch: adjust pngrutil.c to verify size
    when allocating memory in png_decompress_chunk()
  - CVE-2011-3026
28. By Marc Deslauriers on 2011-07-26: * SECURITY UPDATE: denial of service via error message data
  - debian/patches/02-CVE-2011-2501.patch: correctly calculate length in
    pngerror.c.
  - CVE-2011-2501
* SECURITY UPDATE: denial of service and possible arbitrary code
  execution via crafted PNG image
  - debian/patches/03-CVE-2011-2690.patch: validate coefficients in
    pngrtran.c.
  - CVE-2011-2690
* SECURITY UPDATE: denial of service and possible arbitrary code
  execution via invalid sCAL chunks
  - debian/patches/04-CVE-2011-2692.patch: check sCAL chunk length in
    pngrutil.c.
  - CVE-2011-2692
27. By Anibal Monsalve Salazar on 2010-06-26: New upstream release
Stop memory leak when reading a malformed sCAL chunk
26. By Anibal Monsalve Salazar on 2010-03-03: * New upstream release
* Fix CVE-2010-0205 and Cert VU#576029
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0205
  https://www.kb.cert.org/vuls/id/576029
  Do not stall and consume large quantities of memory while processing
  certain Portable Network Graphics (PNG) files
  Closes: 572308
25. By Marc Deslauriers on 2010-03-11: * SECURITY UPDATE: denial of service via decompression bomb (LP: #533140)
  - debian/patches/02-CVE-2010-0205.patch: use new two-pass decompression
    method in pngrutil.c.
  - CVE-2010-0205
24. By Steve Langasek on 2010-01-28: * Merge from Debian testing. Remaining changes:
- Move libpng from /usr/lib to /lib, so that plymouth is usable on
systems with a separate /usr.
23. By Steve Langasek on 2010-01-25: Move libpng from /usr/lib to /lib, so that plymouth is usable on systems
with a separate /usr.
22. By Anibal Monsalve Salazar on 2009-12-04: * New upstream release
* Debian source format is 3.0 (quilt)
* Update debian/watch
* Add 02-export-png_set_strip_error_numbers.patch
  Define PNG_ERROR_NUMBERS_SUPPORTED
  Upstream doesn't define PNG_ERROR_NUMBERS_SUPPORTED since 1.2.41. As
  a consecuence, the symbol png_set_strip_error_numbe@@PNG12_0 wasn't
  exported.

Branch metadata

Branch format:: Branch format 7

Repository format:: Bazaar repository format 2a (needs bzr 1.16 or later)

Stacked on:: lp://staging/ubuntu/oneiric/libpng

This branch contains Public information

Everyone can see this information.

Subscribers

Ubuntu branches

Ubuntulibpng package