[ubuntu/lucid-security] libpng 1.2.42-1ubuntu2.2 (Accepted)

Marc Deslauriers marc.deslauriers at ubuntu.com
Tue Jul 26 17:04:10 UTC 2011


libpng (1.2.42-1ubuntu2.2) lucid-security; urgency=low

  * SECURITY UPDATE: denial of service via error message data
    - debian/patches/05-CVE-2011-2501.patch: correctly calculate length in
      pngerror.c.
    - CVE-2011-2501
  * SECURITY UPDATE: denial of service and possible arbitrary code
    execution via crafted PNG image
    - debian/patches/06-CVE-2011-2690.patch: validate coefficients in
      pngrtran.c.
    - CVE-2011-2690
  * SECURITY UPDATE: denial of service and possible arbitrary code
    execution via invalid sCAL chunks
    - debian/patches/07-CVE-2011-2692.patch: check sCAL chunk length in
      pngrutil.c.
    - CVE-2011-2692

Date: Tue, 26 Jul 2011 08:41:48 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/lucid/+source/libpng/1.2.42-1ubuntu2.2
-------------- next part --------------
Format: 1.8
Date: Tue, 26 Jul 2011 08:41:48 -0400
Source: libpng
Binary: libpng12-0 libpng12-dev libpng3 libpng12-0-udeb
Architecture: source
Version: 1.2.42-1ubuntu2.2
Distribution: lucid-security
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description: 
 libpng12-0 - PNG library - runtime
 libpng12-0-udeb - PNG library - minimal runtime library (udeb)
 libpng12-dev - PNG library - development
 libpng3    - PNG library - runtime
Changes: 
 libpng (1.2.42-1ubuntu2.2) lucid-security; urgency=low
 .
   * SECURITY UPDATE: denial of service via error message data
     - debian/patches/05-CVE-2011-2501.patch: correctly calculate length in
       pngerror.c.
     - CVE-2011-2501
   * SECURITY UPDATE: denial of service and possible arbitrary code
     execution via crafted PNG image
     - debian/patches/06-CVE-2011-2690.patch: validate coefficients in
       pngrtran.c.
     - CVE-2011-2690
   * SECURITY UPDATE: denial of service and possible arbitrary code
     execution via invalid sCAL chunks
     - debian/patches/07-CVE-2011-2692.patch: check sCAL chunk length in
       pngrutil.c.
     - CVE-2011-2692
Checksums-Sha1: 
 baa248cf0a66f35f49b5c7063e40e44151bd2e99 1939 libpng_1.2.42-1ubuntu2.2.dsc
 1d953a5863afd6f1912ad9f20bec8d48a6ee50b7 20532 libpng_1.2.42-1ubuntu2.2.debian.tar.bz2
Checksums-Sha256: 
 cdcd6244b0a124289cca1f390b7e71f3bfd7b55ba7d9a0e645a38281e6c386b8 1939 libpng_1.2.42-1ubuntu2.2.dsc
 d3c9ddd1fa0ef1fce321d03c5e559b68a0c19657bc2c435e43ffaab59116ba45 20532 libpng_1.2.42-1ubuntu2.2.debian.tar.bz2
Files: 
 77bdd4a86079d816f208d23e6a56d8e8 1939 libs optional libpng_1.2.42-1ubuntu2.2.dsc
 f0eb3be297e03dd258d73c36bb3dff8d 20532 libs optional libpng_1.2.42-1ubuntu2.2.debian.tar.bz2
Original-Maintainer: Anibal Monsalve Salazar <anibal at debian.org>

