Accepted libpng 1.0.15-6 (i386 source all)

To: debian-devel-changes@lists.debian.org
Subject: Accepted libpng 1.0.15-6 (i386 source all)
From: Josselin Mouette <joss@debian.org>
Date: Thu, 05 Aug 2004 07:17:28 -0400
Message-id: <[🔎] E1BsgFU-0006h6-00@newraff.debian.org>
Mail-followup-to: debian-devel@lists.debian.org
Reply-to: debian-devel@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Thu,  5 Aug 2004 12:31:39 +0200
Source: libpng
Binary: libpng2 libpng2-dev libpng10-dev libpng10-0
Architecture: source all i386
Version: 1.0.15-6
Distribution: unstable
Urgency: high
Maintainer: Josselin Mouette <joss@debian.org>
Changed-By: Josselin Mouette <joss@debian.org>
Description: 
 libpng10-0 - PNG library, older version - runtime
 libpng10-dev - PNG library, older version - development
 libpng2    - PNG library, older version - runtime
 libpng2-dev - PNG library, older version - development
Closes: 263496
Changes: 
 libpng (1.0.15-6) unstable; urgency=high
 .
   * pngrtran.c: applied upstream patch 4 to fix incorrect calculation of
     buffer offsets [CAN-2004-0768].
   * png.h, pngpread.c, pngrutil.c: patch from Chris Evans
     <chris@scary.beasts.org> to fix several vulnerabilities (closes: #263496):
     + libpng fails to properly check length on PNG data [CAN-2004-0597].
     + libpng "png_handle_sBIT" does not perform proper checks to avoid stack
       buffer overflow [CAN-2004-0597].
     + libpng "png_handle_iCCP" possible NULL-pointer crash
       [CAN-2004-0598].
     + libpng "png_handle_sPLT" possible integer overflow
       [CAN-2004-0599].
     + libpng "png_read_png" does not properly handle a PNG with excessive
       height (integer overflow) [CAN-2004-0599].
     + libpng progressive reading integer overflow [CAN-2004-0599].
Files: 
 321e33b48e53883578ea570c614c492d 610 libs optional libpng_1.0.15-6.dsc
 9a55f3c0e431076986ecf0bc59ad3057 14152 libs optional libpng_1.0.15-6.diff.gz
 57369c51cd688e845e832a469c9a1253 934 libs optional libpng2_1.0.15-6_all.deb
 845274de02adc31fc984846255bb2fc0 1160 libdevel extra libpng2-dev_1.0.15-6_all.deb
 4782c15efb729321d2ff8c8e28b84ba0 107210 libs optional libpng10-0_1.0.15-6_i386.deb
 a9a7896a6aec2c52644eff85cc4e0dd5 188368 libdevel optional libpng10-dev_1.0.15-6_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)

iD8DBQFBEg5WrSla4ddfhTMRApwMAJ45eRJxGGFlofk5Fuv3oIn2Q6WjIgCeJuf5
af37E9KnxB8IiX1TgXelafU=
=YWh+
-----END PGP SIGNATURE-----


Accepted:
libpng10-0_1.0.15-6_i386.deb
  to pool/main/libp/libpng/libpng10-0_1.0.15-6_i386.deb
libpng10-dev_1.0.15-6_i386.deb
  to pool/main/libp/libpng/libpng10-dev_1.0.15-6_i386.deb
libpng2-dev_1.0.15-6_all.deb
  to pool/main/libp/libpng/libpng2-dev_1.0.15-6_all.deb
libpng2_1.0.15-6_all.deb
  to pool/main/libp/libpng/libpng2_1.0.15-6_all.deb
libpng_1.0.15-6.diff.gz
  to pool/main/libp/libpng/libpng_1.0.15-6.diff.gz
libpng_1.0.15-6.dsc
  to pool/main/libp/libpng/libpng_1.0.15-6.dsc

Reply to:

Prev by Date: Accepted libpng3 1.2.5.0-7 (i386 source all)
Next by Date: Accepted gupsc 0.3.1-4 (i386 source)
Previous by thread: Accepted libpng3 1.2.5.0-7 (i386 source all)
Next by thread: Accepted gupsc 0.3.1-4 (i386 source)
Index(es):
- Date
- Thread