Accepted libpng 1.2.27-2+lenny3 (source i386 all)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Sun, 11 Apr 2010 11:40:33 +0200
Source: libpng
Binary: libpng12-0 libpng12-dev libpng3 libpng12-0-udeb
Architecture: source i386 all
Version: 1.2.27-2+lenny3
Distribution: stable-security
Urgency: high
Maintainer: Anibal Monsalve Salazar <anibal@debian.org>
Changed-By: Giuseppe Iuculano <iuculano@debian.org>
Description:
libpng12-0 - PNG library - runtime
libpng12-0-udeb - PNG library - minimal runtime library (udeb)
libpng12-dev - PNG library - development
libpng3 - PNG library - runtime
Closes: 533676 572308
Changes:
libpng (1.2.27-2+lenny3) stable-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* Fixed CVE-2009-2042: does not properly parse 1-bit interlaced images with
width values that are not divisible by 8, which causes libpng to include
uninitialized bits in certain rows of a PNG file and might allow remote
attackers to read portions of sensitive memory via "out-of-bounds pixels"
in the file (Closes: 533676)
* Fixed CVE-2010-0205: does not properly handle compressed ancillary-chunk
data that has a disproportionately large uncompressed representation, which
allows remote attackers to cause a denial of service (memory and CPU
consumption, and application hang) via a crafted PNG file (Closes: #572308)
Checksums-Sha1:
ac10acd3f8efd69cc5fbbd7e55203ef0d5e5ae2e 1201 libpng_1.2.27-2+lenny3.dsc
38f09128f75ee5d6aa75862aa4c7421f9e78dbc1 19687 libpng_1.2.27-2+lenny3.diff.gz
cba40031775fa9e1f68dc6f7ec64d2c548b1dfd6 165560 libpng12-0_1.2.27-2+lenny3_i386.deb
2b2799afc21123254c1c4f8cc23a02f685db1dd8 246968 libpng12-dev_1.2.27-2+lenny3_i386.deb
777ae91ecbafa1373426c405131980b728dd41b8 880 libpng3_1.2.27-2+lenny3_all.deb
8ac89dbc40806220dce62850d97af7a5404a4fc1 70094 libpng12-0-udeb_1.2.27-2+lenny3_i386.udeb
Checksums-Sha256:
d6faba268d2e00c73632b5ad3df2da351dcf82966557e5f7e750a5287165b667 1201 libpng_1.2.27-2+lenny3.dsc
4a5a1ad1b9d98914fd7c10fc2a1cf146847acdf44e6e0477fc16d9fd05e3d333 19687 libpng_1.2.27-2+lenny3.diff.gz
832a13f92f0c62199fdf1584be739f0efe3c2365d4dd2f9e62b66ac8a33b48f0 165560 libpng12-0_1.2.27-2+lenny3_i386.deb
fb9e5141f31f0ea50eea9b21ec79065e78604f6a91b32288028ca1a0d07f3b2e 246968 libpng12-dev_1.2.27-2+lenny3_i386.deb
be470a354466cdedd245d4ca652ba94df4564b6f68ff32eef10c5a46d9cb5e93 880 libpng3_1.2.27-2+lenny3_all.deb
4a5430f9ed571b246bf2ebe96c36e1641147fd0909963a4bf494d5b3f49d5cd7 70094 libpng12-0-udeb_1.2.27-2+lenny3_i386.udeb
Files:
abe81b0d3c4aa7a1fa418e29f2c5b297 1201 libs optional libpng_1.2.27-2+lenny3.dsc
60ede1843ceb8a1f127c54b847a74dfa 19687 libs optional libpng_1.2.27-2+lenny3.diff.gz
233945ee4b1e442357276431ce495a4c 165560 libs optional libpng12-0_1.2.27-2+lenny3_i386.deb
083d472fd65f884c91dff5926e538342 246968 libdevel optional libpng12-dev_1.2.27-2+lenny3_i386.deb
028b00e28aad8282714776c5dcca64a8 880 oldlibs optional libpng3_1.2.27-2+lenny3_all.deb
769336f4574678e56931e1a1eaf6be6a 70094 debian-installer extra libpng12-0-udeb_1.2.27-2+lenny3_i386.udeb
Package-Type: udeb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAkvBnUUACgkQNxpp46476ao8qgCcCMk58l27EAR9VZ/MIKCHRceo
L3UAnRHFyBHdCWCUV6bBtFZZ7Kl1TaMg
=oDjc
-----END PGP SIGNATURE-----
Accepted:
libpng12-0-udeb_1.2.27-2+lenny3_i386.udeb
to main/libp/libpng/libpng12-0-udeb_1.2.27-2+lenny3_i386.udeb
libpng12-0_1.2.27-2+lenny3_i386.deb
to main/libp/libpng/libpng12-0_1.2.27-2+lenny3_i386.deb
libpng12-dev_1.2.27-2+lenny3_i386.deb
to main/libp/libpng/libpng12-dev_1.2.27-2+lenny3_i386.deb
libpng3_1.2.27-2+lenny3_all.deb
to main/libp/libpng/libpng3_1.2.27-2+lenny3_all.deb
libpng_1.2.27-2+lenny3.diff.gz
to main/libp/libpng/libpng_1.2.27-2+lenny3.diff.gz
libpng_1.2.27-2+lenny3.dsc
to main/libp/libpng/libpng_1.2.27-2+lenny3.dsc
Reply to: