[ubuntu/karmic] libpng 1.2.35-1 (Accepted)

Thu May 14 21:51:35 BST 2009

libpng (1.2.35-1) unstable; urgency=high

  * New upstream release
    - http://secunia.com/advisories/33970/
      Fix a vulnerability reported by Tavis Ormandy in which
      some arrays of pointers are not initialized prior to using
      "malloc" to define the pointers.
      Closes: #516256
    - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5907
      The png_check_keyword function in pngwutil.c in libpng, might
      allow context-dependent attackers to set the value of an
      arbitrary memory location to zero via vectors involving
      creation of crafted PNG files with keywords, related to an
      implicit cast of the '\0' character constant to a NULL pointer.
  * Don't build libpng3 when binary-indep target is not called.
    Closes: #486415

libpng (1.2.33-2) unstable; urgency=low

  * Fix the following lintian issues:
    W: libpng12-0: copyright-refers-to-versionless-license-file
       usr/share/common-licenses/GPL

libpng (1.2.33-1) experimental; urgency=low

  * New upstream release 
    - Fix memory leak after reading a malformed tEXt chunk

libpng (1.2.32-1) experimental; urgency=low

  * New upstream release
    - libpng.pc is configured to do static linking; closes: #483477
    - use autoconf variables in .pc and libpng-config; closes: #483478
  * Remove debian/patches/02-501109-pngtest.c.diff; it was merged

Date: Thu,  14 May 2009 21:50:43 +0100
Changed-By: Jamie Strandboge <jamie at ubuntu.com>
Maintainer: Anibal Monsalve Salazar <anibal at debian.org>
Origin: Debian/unstable
https://launchpad.net/ubuntu/karmic/+source/libpng/1.2.35-1
-------------- next part --------------
Origin: Debian/unstable
Format: 1.7
Date: Thu,  14 May 2009 21:50:43 +0100
Source: libpng
Binary: libpng12-0, libpng12-dev, libpng3, libpng12-0-udeb
Architecture: source
Version: 1.2.35-1
Distribution: karmic
Urgency: high
Maintainer: Anibal Monsalve Salazar <anibal at debian.org>
Changed-By: Jamie Strandboge <jamie at ubuntu.com>
Closes: 483477 483478 486415 516256
Changes: 
 libpng (1.2.35-1) unstable; urgency=high
 .
   * New upstream release
     - http://secunia.com/advisories/33970/
       Fix a vulnerability reported by Tavis Ormandy in which
       some arrays of pointers are not initialized prior to using
       "malloc" to define the pointers.
       Closes: #516256
     - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5907
       The png_check_keyword function in pngwutil.c in libpng, might
       allow context-dependent attackers to set the value of an
       arbitrary memory location to zero via vectors involving
       creation of crafted PNG files with keywords, related to an
       implicit cast of the '\0' character constant to a NULL pointer.
   * Don't build libpng3 when binary-indep target is not called.
     Closes: #486415
 .
 libpng (1.2.33-2) unstable; urgency=low
 .
   * Fix the following lintian issues:
     W: libpng12-0: copyright-refers-to-versionless-license-file
        usr/share/common-licenses/GPL
 .
 libpng (1.2.33-1) experimental; urgency=low
 .
   * New upstream release 
     - Fix memory leak after reading a malformed tEXt chunk
 .
 libpng (1.2.32-1) experimental; urgency=low
 .
   * New upstream release
     - libpng.pc is configured to do static linking; closes: #483477
     - use autoconf variables in .pc and libpng-config; closes: #483478
   * Remove debian/patches/02-501109-pngtest.c.diff; it was merged
Files: 
 bbbe4f30595ec66790e7d3f54f67a17b 1172 libs optional libpng_1.2.35-1.dsc
 8ca6246930a57d5be7adc7c4e7fb5e00 802267 libs optional libpng_1.2.35.orig.tar.gz
 dcfc7a5ce5ed9e6cc8875328f1d0b707 14811 libs optional libpng_1.2.35-1.diff.gz