[ubuntu/lucid-security] libpng, libpng (delayed) 1.2.42-1ubuntu2.1 (Accepted)

Ubuntu Installer archive at ubuntu.com
Thu Jul 8 14:03:40 BST 2010 

libpng (1.2.42-1ubuntu2.1) lucid-security; urgency=low

  * SECURITY UPDATE: arbitrary code execution from additional data row via
    malformed PNG image
    - debian/patches/03-CVE-2010-1205.patch: check for unexpected data
      after the last row in pngpread.c.
    - CVE-2010-1205
  * SECURITY UPDATE: denial of service via memory leak from malformed sCAL
    chunks
    - debian/patches/04-CVE-2010-2249.patch: properly free memory in
      pngrutil.c.
    - CVE-2010-2249

Date: Mon, 05 Jul 2010 11:27:57 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/lucid/+source/libpng/1.2.42-1ubuntu2.1
-------------- next part --------------
Format: 1.8
Date: Mon, 05 Jul 2010 11:27:57 -0400
Source: libpng
Binary: libpng12-0 libpng12-dev libpng3 libpng12-0-udeb
Architecture: source
Version: 1.2.42-1ubuntu2.1
Distribution: lucid-security
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description: 
 libpng12-0 - PNG library - runtime
 libpng12-0-udeb - PNG library - minimal runtime library (udeb)
 libpng12-dev - PNG library - development
 libpng3    - PNG library - runtime
Changes: 
 libpng (1.2.42-1ubuntu2.1) lucid-security; urgency=low
 .
   * SECURITY UPDATE: arbitrary code execution from additional data row via
     malformed PNG image
     - debian/patches/03-CVE-2010-1205.patch: check for unexpected data
       after the last row in pngpread.c.
     - CVE-2010-1205
   * SECURITY UPDATE: denial of service via memory leak from malformed sCAL
     chunks
     - debian/patches/04-CVE-2010-2249.patch: properly free memory in
       pngrutil.c.
     - CVE-2010-2249
Checksums-Sha1: 
 4d61c23995a36fad08172abbd8b024d867f5afbb 1299 libpng_1.2.42-1ubuntu2.1.dsc
 610bf170c9b87270ef4ec09f73ed185ecf4e7c64 19511 libpng_1.2.42-1ubuntu2.1.debian.tar.bz2
Checksums-Sha256: 
 76a1c49843ae199e55737b639a320bd27dd0b1f3b54fbd5bddb62a7fdc2020d8 1299 libpng_1.2.42-1ubuntu2.1.dsc
 fc1f33010d37a4857cb1e42e729f836cf236e09c73c142617dcfc554d0968812 19511 libpng_1.2.42-1ubuntu2.1.debian.tar.bz2
Files: 
 dae31f78418d5db8c3476d7562859658 1299 libs optional libpng_1.2.42-1ubuntu2.1.dsc
 ac49d7354c1ab87a91dbad607733629f 19511 libs optional libpng_1.2.42-1ubuntu2.1.debian.tar.bz2
Original-Maintainer: Anibal Monsalve Salazar <anibal at debian.org>

More information about the Lucid-changes mailing list