[ubuntu/hardy-security] libpng, libpng (delayed) 1.2.15~beta5-3ubuntu0.3 (Accepted)
Ubuntu Installer
archive at ubuntu.com
Thu Jul 8 14:04:08 BST 2010
libpng (1.2.15~beta5-3ubuntu0.3) hardy-security; urgency=low
* SECURITY UPDATE: arbitrary code execution from additional data row via
malformed PNG image
- pngpread.c: check for unexpected data after the last row.
- patch backported from 1.2.44
- CVE-2010-1205
* SECURITY UPDATE: denial of service via memory leak from malformed sCAL
chunks
- pngrutil.c: properly free memory
- patch backported from 1.2.44
- CVE-2010-2249
Date: Mon, 05 Jul 2010 13:09:25 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Core Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/hardy/+source/libpng/1.2.15~beta5-3ubuntu0.3
-------------- next part --------------
Format: 1.7
Date: Mon, 05 Jul 2010 13:09:25 -0400
Source: libpng
Binary: libpng12-0 libpng12-dev libpng3 libpng12-0-udeb
Architecture: source
Version: 1.2.15~beta5-3ubuntu0.3
Distribution: hardy-security
Urgency: low
Maintainer: Ubuntu Core Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description:
libpng12-0 - PNG library - runtime
libpng12-0-udeb - PNG library - minimal runtime library
libpng12-dev - PNG library - development
libpng3 - PNG library - runtime
Changes:
libpng (1.2.15~beta5-3ubuntu0.3) hardy-security; urgency=low
.
* SECURITY UPDATE: arbitrary code execution from additional data row via
malformed PNG image
- pngpread.c: check for unexpected data after the last row.
- patch backported from 1.2.44
- CVE-2010-1205
* SECURITY UPDATE: denial of service via memory leak from malformed sCAL
chunks
- pngrutil.c: properly free memory
- patch backported from 1.2.44
- CVE-2010-2249
Files:
d08a82b28411baa0184d3b8231fd8b61 832 libs optional libpng_1.2.15~beta5-3ubuntu0.3.dsc
f5c0ba19b04eba8264ebb6b30c5617d6 22755 libs optional libpng_1.2.15~beta5-3ubuntu0.3.diff.gz
Original-Maintainer: Anibal Monsalve Salazar <anibal at debian.org>
More information about the Hardy-changes
mailing list