[ubuntu/quantal] libpng 1.2.49-1ubuntu1 (Accepted)

Marc Deslauriers marc.deslauriers at ubuntu.com
Thu May 24 14:25:43 UTC 2012 

libpng (1.2.49-1ubuntu1) quantal; urgency=low

  * Merge from Debian unstable. Remaining changes:
    - Revert to gzip compression for libpng12-0's data tarball. Packages in
      the base system may not use bzip2.

libpng (1.2.49-1) unstable; urgency=high

  * New upstream version 1.2.49
    - Fix CVE-2011-3048 (memory corruption flaw)
      Closes: 667475
    - Don't crash with electric fence memory debugger
      Closes: 668082
  * Merged upstream: 02-665208-CVE-2012-3045.patch

libpng (1.2.47-2) unstable; urgency=high

  * Fix Buffer overflow
    Fix CVE-2012-3045
    Add 02-665208-CVE-2012-3045.patch
    Closes: 665208
  * Standards Version is 3.9.3

libpng (1.2.47-1) unstable; urgency=low

  * New upstream version 1.2.47

    The purpose of this release is to fix the dangerous CVE-2011-3026.
    The libpng patch is different from the one that was distributed
    earlier by Chromium, in that the libpng user limit feature is not
    crippled by the patch.

    Remove 02-660026-CVE-2011-3026.patch

libpng (1.2.46-5) unstable; urgency=high

  * Check for both truncation (64-bit platforms) and integer overflow
    Fix CVE-2011-3026
    Add 02-660026-CVE-2011-3026.patch
    Closes: 660026

libpng (1.2.46-4) unstable; urgency=low

  * Update debian/rules.
    Enabled hardened build flags. (Closes: #654149)

Date: Thu, 24 May 2012 10:13:23 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/quantal/+source/libpng/1.2.49-1ubuntu1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 24 May 2012 10:13:23 -0400
Source: libpng
Binary: libpng12-0 libpng12-dev libpng3 libpng12-0-udeb
Architecture: source
Version: 1.2.49-1ubuntu1
Distribution: quantal
Urgency: high
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description: 
 libpng12-0 - PNG library - runtime
 libpng12-0-udeb - PNG library - minimal runtime library (udeb)
 libpng12-dev - PNG library - development
 libpng3    - PNG library - runtime
Closes: 654149 660026 665208 667475 668082
Changes: 
 libpng (1.2.49-1ubuntu1) quantal; urgency=low
 .
   * Merge from Debian unstable. Remaining changes:
     - Revert to gzip compression for libpng12-0's data tarball. Packages in
       the base system may not use bzip2.
 .
 libpng (1.2.49-1) unstable; urgency=high
 .
   * New upstream version 1.2.49
     - Fix CVE-2011-3048 (memory corruption flaw)
       Closes: 667475
     - Don't crash with electric fence memory debugger
       Closes: 668082
   * Merged upstream: 02-665208-CVE-2012-3045.patch
 .
 libpng (1.2.47-2) unstable; urgency=high
 .
   * Fix Buffer overflow
     Fix CVE-2012-3045
     Add 02-665208-CVE-2012-3045.patch
     Closes: 665208
   * Standards Version is 3.9.3
 .
 libpng (1.2.47-1) unstable; urgency=low
 .
   * New upstream version 1.2.47
 .
     The purpose of this release is to fix the dangerous CVE-2011-3026.
     The libpng patch is different from the one that was distributed
     earlier by Chromium, in that the libpng user limit feature is not
     crippled by the patch.
 .
     Remove 02-660026-CVE-2011-3026.patch
 .
 libpng (1.2.46-5) unstable; urgency=high
 .
   * Check for both truncation (64-bit platforms) and integer overflow
     Fix CVE-2011-3026
     Add 02-660026-CVE-2011-3026.patch
     Closes: 660026
 .
 libpng (1.2.46-4) unstable; urgency=low
 .
   * Update debian/rules.
     Enabled hardened build flags. (Closes: #654149)
Checksums-Sha1: 
 4e154b6a7fb4a176fab8b2999727bd76f9695a8d 2083 libpng_1.2.49-1ubuntu1.dsc
 93cdd7e4fe01b490cf045e3f354ab38f0200c540 669011 libpng_1.2.49.orig.tar.bz2
 759ab7de664ada20f5588cfef521c9e5c0ce671b 16360 libpng_1.2.49-1ubuntu1.debian.tar.bz2
Checksums-Sha256: 
 7ac217e6680c0b8a7034c8b9796c91371e89545b9d86a465ad487f9a016d4714 2083 libpng_1.2.49-1ubuntu1.dsc
 fbf8faa70ebca2ed2ee6df6f2249f4722517b581af5b6c3c71bbdaf925d5954e 669011 libpng_1.2.49.orig.tar.bz2
 4263238fafd1cceeac6b9275fc493a877408a4464ec4db859ab0b503c72f20c6 16360 libpng_1.2.49-1ubuntu1.debian.tar.bz2
Files: 
 b0021c4e87c0458a1b16684d74aafc3f 2083 libs optional libpng_1.2.49-1ubuntu1.dsc
 d5106b70b4f8b464a7da66bffe4565fb 669011 libs optional libpng_1.2.49.orig.tar.bz2
 d6c056f53d1d38a5e72c01b703a8c2ea 16360 libs optional libpng_1.2.49-1ubuntu1.debian.tar.bz2
Original-Maintainer: Anibal Monsalve Salazar <anibal at debian.org>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iQIcBAEBCgAGBQJPvkSJAAoJEGVp2FWnRL6TY8sP/1iY3ghhlvaDlUYnTcUY4xq9
mNyTriNP9xLJcnWp1j2c+PzwpEax5jlEsEZYX8ZVlre29o2dWWlmabK2oD1t1Wmz
bylJ3d+PuRYOzTN9fiJ3JK4pR9NUt16bd6RtyDS55Tiy+y2saqSuiKy0JJYxH89X
tBLw5XLYVVrt0JXHZb5pJbL8HVg98husHVktqMqajr9UUAtuDj7Dp7hn3UTtxilK
rQUfjVp7zH+ki54JF970fBFWRrYil3UnAUkm7Dbg+ILoJzqV8jBIyXDrH12T6iFg
iEP5PJ6QJ/7H41i4DhNSpef3r1+hRo2eiQH2U8VA/HGqh9iaV4cKZokn425Uvhs6
STHxlbsfYKJ+8UBR0VCd8nJFMRfqGExFYyQK+ujn9ktOggt63/KlSJh7SErpU4tN
mWpaw8WWx5/+a/+RR10EMUlGaAuC3odJCAaXT8PaJtrbOKVPbMVqYkwpsqL/HBWb
mUuTNSV6mel/CBEr6l1NaGrCYkU+Tor3uBC70dXlxT4351m7dVtH7MntAc0kNLEC
gZrhAHcvPM2dNMW86sks4ixtoChbRss2lnWJ2U2592hqkorxutJWPJtoaMOBK28K
p9y8tGs/CIvKahZKYfzp3UWg3oFZCSDEwxHSDz+zHh6wxCpRoLhLcH+VuBb4Hd/d
IKWopCtJYZS/w5Vc5/+y
=ySVS
-----END PGP SIGNATURE-----

More information about the Quantal-changes mailing list