[Bug 821591] Sync libpng 1.2.46-3 (main) from Debian unstable (main)

Colin Watson cjwatson at canonical.com
Wed Aug 10 11:47:29 UTC 2011 

[Updating] libpng (1.2.44-2ubuntu1 [Ubuntu] < 1.2.46-3 [Debian])
 * Trying to add libpng...
2011-08-10 11:47:24 INFO      - <libpng_1.2.46-3.dsc: downloading from http://ftp.debian.org/debian/>
2011-08-10 11:47:24 INFO      - <libpng_1.2.46-3.debian.tar.bz2: downloading from http://ftp.debian.org/debian/>
2011-08-10 11:47:24 INFO      - <libpng_1.2.46.orig.tar.bz2: downloading from http://ftp.debian.org/debian/>
I: libpng [main] -> libpng12-0_1.2.44-2ubuntu1 [main].
I: libpng [main] -> libpng12-dev_1.2.44-2ubuntu1 [main].
I: libpng [main] -> libpng3_1.2.44-2ubuntu1 [universe].
I: libpng [main] -> libpng12-0-udeb_1.2.44-2ubuntu1 [main].


** Changed in: libpng (Ubuntu)
       Status: Confirmed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to libpng in Ubuntu.
https://bugs.launchpad.net/bugs/821591

Title:
  Sync libpng 1.2.46-3 (main) from Debian unstable (main)

Status in “libpng” package in Ubuntu:
  Fix Released

Bug description:
  Please sync libpng 1.2.46-3 (main) from Debian unstable (main)

  Explanation of the Ubuntu delta and why it can be dropped:
  - All Ubuntu changes are now in the debian package

  Changelog entries since current oneiric version 1.2.44-2ubuntu1:

  libpng (1.2.46-3) unstable; urgency=low

    * libpng12-0-udeb: Don't use bzip2 compression
      Closes: 634865

   -- Anibal Monsalve Salazar <anibal at debian.org>  Wed, 27 Jul 2011
  12:44:46 +1000

  libpng (1.2.46-2) unstable; urgency=low

    [ Steve Langasek ]
    * Build for multiarch.  Requires converting libpng3 from Arch: all to
      Arch: any. Closes: 634151
    * Drop debian/libpng12-0-udeb.dirs, which just adds a pointless empty
      directory to the udeb.

    [ Anibal Monsalve Salazar ]
    * Fix doc-base file
      Closes: 633944, 633957, 634120
    * Pass "-Zbzip2 -z9" to dpkg-deb

   -- Anibal Monsalve Salazar <anibal at debian.org>  Mon, 18 Jul 2011
  22:05:48 +1000

  libpng (1.2.46-1) unstable; urgency=high

    * New upstream release (Closes: #633871).
      - Fix CVE: CVE-2011-2690
        Buffer overwrite in png_rgb_to_gray
      - CVE: CVE-2011-2691
        Crash in png_default_error due to use of NULL Pointer
      - CVE: CVE-2011-2692
        Memory corruption when handling empty sCAL chunks
      - Update patches/01-legacy.patch
      - Remove patches/02-632786-CVE-2011-2501.patch. Applied to upstream.

   -- Nobuhiro Iwamatsu <iwamatsu at debian.org>  Fri, 15 Jul 2011 11:47:49
  +0900

  libpng (1.2.44-3) unstable; urgency=high

    * Fix 1-byte uninitialized memory reference in png_format_buffer()
      Fix CVE-2011-2501
      Add debian/patches/02-632786-CVE-2011-2501.patch
      Closes: 632786
    * Standards version is 3.9.2
    * Fix xc-package-type-in-debian-control
    * Fix debian-rules-missing-recommended-target

   -- Anibal Monsalve Salazar <anibal at debian.org>  Wed, 06 Jul 2011
  10:04:32 +1000

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libpng/+bug/821591/+subscriptions

More information about the foundations-bugs mailing list