[ubuntu/natty-security] libpng 1.2.44-1ubuntu3.1 (Accepted)

Marc Deslauriers marc.deslauriers at ubuntu.com
Tue Jul 26 17:03:57 UTC 2011 

libpng (1.2.44-1ubuntu3.1) natty-security; urgency=low

  * SECURITY UPDATE: denial of service via error message data
    - debian/patches/02-CVE-2011-2501.patch: correctly calculate length in
      pngerror.c.
    - CVE-2011-2501
  * SECURITY UPDATE: denial of service and possible arbitrary code
    execution via crafted PNG image
    - debian/patches/03-CVE-2011-2690.patch: validate coefficients in
      pngrtran.c.
    - CVE-2011-2690
  * SECURITY UPDATE: denial of service and possible arbitrary code
    execution via invalid sCAL chunks
    - debian/patches/04-CVE-2011-2692.patch: check sCAL chunk length in
      pngrutil.c.
    - CVE-2011-2692

Date: Tue, 26 Jul 2011 08:29:58 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/natty/+source/libpng/1.2.44-1ubuntu3.1
-------------- next part --------------
Format: 1.8
Date: Tue, 26 Jul 2011 08:29:58 -0400
Source: libpng
Binary: libpng12-0 libpng12-dev libpng3 libpng12-0-udeb
Architecture: source
Version: 1.2.44-1ubuntu3.1
Distribution: natty-security
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description: 
 libpng12-0 - PNG library - runtime
 libpng12-0-udeb - PNG library - minimal runtime library (udeb)
 libpng12-dev - PNG library - development
 libpng3    - PNG library - runtime
Changes: 
 libpng (1.2.44-1ubuntu3.1) natty-security; urgency=low
 .
   * SECURITY UPDATE: denial of service via error message data
     - debian/patches/02-CVE-2011-2501.patch: correctly calculate length in
       pngerror.c.
     - CVE-2011-2501
   * SECURITY UPDATE: denial of service and possible arbitrary code
     execution via crafted PNG image
     - debian/patches/03-CVE-2011-2690.patch: validate coefficients in
       pngrtran.c.
     - CVE-2011-2690
   * SECURITY UPDATE: denial of service and possible arbitrary code
     execution via invalid sCAL chunks
     - debian/patches/04-CVE-2011-2692.patch: check sCAL chunk length in
       pngrutil.c.
     - CVE-2011-2692
Checksums-Sha1: 
 caaa29e96c6d951c89c0fe99b3649c76fa741b47 1950 libpng_1.2.44-1ubuntu3.1.dsc
 abc9f1dfb1a7c264a70f352a33fcfd02420fe6af 16615 libpng_1.2.44-1ubuntu3.1.debian.tar.bz2
Checksums-Sha256: 
 b26bfd527fb0a20c7373c1d29ca25e0599866e6df8ffd3391162278137233c46 1950 libpng_1.2.44-1ubuntu3.1.dsc
 2d8060ba59fbe2d49e02d790086fc50bd3b635d083771b4aabe1e941e8964fa4 16615 libpng_1.2.44-1ubuntu3.1.debian.tar.bz2
Files: 
 f0c2b9aa49b2aee489ca1273e6a570e4 1950 libs optional libpng_1.2.44-1ubuntu3.1.dsc
 e2f4a15ab20b19905fc20f828baa5b64 16615 libs optional libpng_1.2.44-1ubuntu3.1.debian.tar.bz2
Original-Maintainer: Anibal Monsalve Salazar <anibal at debian.org>

More information about the Natty-changes mailing list