Accepted libpng3 1.2.5.0-7 (i386 source all)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Thu, 5 Aug 2004 12:37:32 +0200
Source: libpng3
Binary: libpng3-dev libpng12-dev libpng12-0 libpng12-0-udeb libpng3
Architecture: source all i386
Version: 1.2.5.0-7
Distribution: unstable
Urgency: high
Maintainer: Josselin Mouette <joss@debian.org>
Changed-By: Josselin Mouette <joss@debian.org>
Description:
libpng12-0 - PNG library - runtime
libpng12-0-udeb - PNG library - minimal runtime library (udeb)
libpng12-dev - PNG library - development
libpng3 - PNG library - runtime
libpng3-dev - PNG library - development, compatibility package
Closes: 263500
Changes:
libpng3 (1.2.5.0-7) unstable; urgency=high
.
* pngrtran.c: applied upstream patch 4 to fix incorrect calculation of
buffer offsets [CAN-2004-0768].
* png.h, pngpread.c, pngrutil.c: patch from Chris Evans
<chris@scary.beasts.org> to fix several vulnerabilities (closes: #263500):
+ libpng fails to properly check length on PNG data [CAN-2004-0597].
+ libpng "png_handle_sBIT" does not perform proper checks to avoid stack
buffer overflow [CAN-2004-0597].
+ libpng "png_handle_iCCP" possible NULL-pointer crash
[CAN-2004-0598].
+ libpng "png_handle_sPLT" possible integer overflow
[CAN-2004-0599].
+ libpng "png_read_png" does not properly handle a PNG with excessive
height (integer overflow) [CAN-2004-0599].
+ libpng progressive reading integer overflow [CAN-2004-0599].
Files:
156ff5587d1ca56c3a3c1ec8c8238138 635 libs optional libpng3_1.2.5.0-7.dsc
688f6347dbee0df26e23705185502bca 13820 libs optional libpng3_1.2.5.0-7.diff.gz
c6664206b2830de36ca68835b46f5097 940 libs optional libpng3_1.2.5.0-7_all.deb
2cf77494dd1af5cb1731feed361ebb95 934 libdevel optional libpng3-dev_1.2.5.0-7_all.deb
713dfd2e484f2d762d6864f024ff5eff 110100 libs optional libpng12-0_1.2.5.0-7_i386.deb
83d090e3cc2782f054aa4680ef3711fa 238510 libdevel optional libpng12-dev_1.2.5.0-7_i386.deb
4ca10db90ca9d491ce26b8094a8e0ce1 71140 debian-installer optional libpng12-0-udeb_1.2.5.0-7_i386.udeb
package-type: udeb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)
iD8DBQFBEhQRrSla4ddfhTMRAroiAKCc8R1qMK+4AZEd1bhZT5b7krtjHwCfVY5z
/yAj+zrbkAfBgBNzAlgfu60=
=UbVb
-----END PGP SIGNATURE-----
Accepted:
libpng12-0-udeb_1.2.5.0-7_i386.udeb
to pool/main/libp/libpng3/libpng12-0-udeb_1.2.5.0-7_i386.udeb
libpng12-0_1.2.5.0-7_i386.deb
to pool/main/libp/libpng3/libpng12-0_1.2.5.0-7_i386.deb
libpng12-dev_1.2.5.0-7_i386.deb
to pool/main/libp/libpng3/libpng12-dev_1.2.5.0-7_i386.deb
libpng3-dev_1.2.5.0-7_all.deb
to pool/main/libp/libpng3/libpng3-dev_1.2.5.0-7_all.deb
libpng3_1.2.5.0-7.diff.gz
to pool/main/libp/libpng3/libpng3_1.2.5.0-7.diff.gz
libpng3_1.2.5.0-7.dsc
to pool/main/libp/libpng3/libpng3_1.2.5.0-7.dsc
libpng3_1.2.5.0-7_all.deb
to pool/main/libp/libpng3/libpng3_1.2.5.0-7_all.deb
Reply to: