[ubuntu/hardy-security] libpng, libpng (delayed) 1.2.15~beta5-3ubuntu0.2 (Accepted)
Ubuntu Installer
archive at ubuntu.com
Tue Mar 16 17:06:16 GMT 2010
libpng (1.2.15~beta5-3ubuntu0.2) hardy-security; urgency=low
* SECURITY UPDATE: denial of service via decompression bomb (LP: #533140)
- pngrutil.c: use new two-pass decompression method backported from
1.2.43
- CVE-2010-0205
* SECURITY UPDATE: information disclosure via 1-bit interlaced images
- pngrutil.c: initialize memory if interlaced
- CVE-2009-2042
Date: Mon, 15 Mar 2010 11:10:10 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Core Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/hardy/+source/libpng/1.2.15~beta5-3ubuntu0.2
-------------- next part --------------
Format: 1.7
Date: Mon, 15 Mar 2010 11:10:10 -0400
Source: libpng
Binary: libpng12-0 libpng12-dev libpng3 libpng12-0-udeb
Architecture: source
Version: 1.2.15~beta5-3ubuntu0.2
Distribution: hardy-security
Urgency: low
Maintainer: Ubuntu Core Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description:
libpng12-0 - PNG library - runtime
libpng12-0-udeb - PNG library - minimal runtime library
libpng12-dev - PNG library - development
libpng3 - PNG library - runtime
Launchpad-Bugs-Fixed: 533140
Changes:
libpng (1.2.15~beta5-3ubuntu0.2) hardy-security; urgency=low
.
* SECURITY UPDATE: denial of service via decompression bomb (LP: #533140)
- pngrutil.c: use new two-pass decompression method backported from
1.2.43
- CVE-2010-0205
* SECURITY UPDATE: information disclosure via 1-bit interlaced images
- pngrutil.c: initialize memory if interlaced
- CVE-2009-2042
Files:
59b9f6994e1bef9b8f83561b70afda00 832 libs optional libpng_1.2.15~beta5-3ubuntu0.2.dsc
9f9e2ce175afd0a41bfa613c8672a164 21048 libs optional libpng_1.2.15~beta5-3ubuntu0.2.diff.gz
Original-Maintainer: Anibal Monsalve Salazar <anibal at debian.org>
More information about the Hardy-changes
mailing list