Accepted libpng 1.0.15-6 (i386 source all)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Thu, 5 Aug 2004 12:31:39 +0200
Source: libpng
Binary: libpng2 libpng2-dev libpng10-dev libpng10-0
Architecture: source all i386
Version: 1.0.15-6
Distribution: unstable
Urgency: high
Maintainer: Josselin Mouette <joss@debian.org>
Changed-By: Josselin Mouette <joss@debian.org>
Description:
libpng10-0 - PNG library, older version - runtime
libpng10-dev - PNG library, older version - development
libpng2 - PNG library, older version - runtime
libpng2-dev - PNG library, older version - development
Closes: 263496
Changes:
libpng (1.0.15-6) unstable; urgency=high
.
* pngrtran.c: applied upstream patch 4 to fix incorrect calculation of
buffer offsets [CAN-2004-0768].
* png.h, pngpread.c, pngrutil.c: patch from Chris Evans
<chris@scary.beasts.org> to fix several vulnerabilities (closes: #263496):
+ libpng fails to properly check length on PNG data [CAN-2004-0597].
+ libpng "png_handle_sBIT" does not perform proper checks to avoid stack
buffer overflow [CAN-2004-0597].
+ libpng "png_handle_iCCP" possible NULL-pointer crash
[CAN-2004-0598].
+ libpng "png_handle_sPLT" possible integer overflow
[CAN-2004-0599].
+ libpng "png_read_png" does not properly handle a PNG with excessive
height (integer overflow) [CAN-2004-0599].
+ libpng progressive reading integer overflow [CAN-2004-0599].
Files:
321e33b48e53883578ea570c614c492d 610 libs optional libpng_1.0.15-6.dsc
9a55f3c0e431076986ecf0bc59ad3057 14152 libs optional libpng_1.0.15-6.diff.gz
57369c51cd688e845e832a469c9a1253 934 libs optional libpng2_1.0.15-6_all.deb
845274de02adc31fc984846255bb2fc0 1160 libdevel extra libpng2-dev_1.0.15-6_all.deb
4782c15efb729321d2ff8c8e28b84ba0 107210 libs optional libpng10-0_1.0.15-6_i386.deb
a9a7896a6aec2c52644eff85cc4e0dd5 188368 libdevel optional libpng10-dev_1.0.15-6_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)
iD8DBQFBEg5WrSla4ddfhTMRApwMAJ45eRJxGGFlofk5Fuv3oIn2Q6WjIgCeJuf5
af37E9KnxB8IiX1TgXelafU=
=YWh+
-----END PGP SIGNATURE-----
Accepted:
libpng10-0_1.0.15-6_i386.deb
to pool/main/libp/libpng/libpng10-0_1.0.15-6_i386.deb
libpng10-dev_1.0.15-6_i386.deb
to pool/main/libp/libpng/libpng10-dev_1.0.15-6_i386.deb
libpng2-dev_1.0.15-6_all.deb
to pool/main/libp/libpng/libpng2-dev_1.0.15-6_all.deb
libpng2_1.0.15-6_all.deb
to pool/main/libp/libpng/libpng2_1.0.15-6_all.deb
libpng_1.0.15-6.diff.gz
to pool/main/libp/libpng/libpng_1.0.15-6.diff.gz
libpng_1.0.15-6.dsc
to pool/main/libp/libpng/libpng_1.0.15-6.dsc
Reply to: