[ubuntu/xenial-proposed] libpng 1.2.54-1ubuntu1 (Accepted)
Marc Deslauriers
marc.deslauriers at ubuntu.com
Wed Jan 6 18:06:13 UTC 2016
libpng (1.2.54-1ubuntu1) xenial; urgency=medium
* SECURITY UPDATE: overflows in png_handle_zTXt(), png_handle_sPLT(),
png_handle_pCAL(), and png_set_PLTE()
- debian/patches/CVE-2015-8472.patch: check lengths in pngrutil.c,
properly use info_ptr in pngset.c.
- CVE-2015-8472
* SECURITY UPDATE: out-of-range read in png_check_keyword()
- debian/patches/CVE-2015-8540.patch: check key_len in pngwutil.c.
- CVE-2015-8540
Date: Wed, 06 Jan 2016 12:39:08 -0500
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/libpng/1.2.54-1ubuntu1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 06 Jan 2016 12:39:08 -0500
Source: libpng
Binary: libpng12-0 libpng12-dev libpng3 libpng12-0-udeb
Architecture: source
Version: 1.2.54-1ubuntu1
Distribution: xenial
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description:
libpng12-0 - PNG library - runtime
libpng12-0-udeb - PNG library - minimal runtime library (udeb)
libpng12-dev - PNG library - development
libpng3 - PNG library - runtime
Changes:
libpng (1.2.54-1ubuntu1) xenial; urgency=medium
.
* SECURITY UPDATE: overflows in png_handle_zTXt(), png_handle_sPLT(),
png_handle_pCAL(), and png_set_PLTE()
- debian/patches/CVE-2015-8472.patch: check lengths in pngrutil.c,
properly use info_ptr in pngset.c.
- CVE-2015-8472
* SECURITY UPDATE: out-of-range read in png_check_keyword()
- debian/patches/CVE-2015-8540.patch: check key_len in pngwutil.c.
- CVE-2015-8540
Checksums-Sha1:
a902254f30c88caae891ae7fe0d60f597c1caedf 2115 libpng_1.2.54-1ubuntu1.dsc
9a31b8ced7b99185a624ff93cfe3ef5fe4b998fd 18612 libpng_1.2.54-1ubuntu1.debian.tar.xz
Checksums-Sha256:
3522cc6f379d27741b54121bba552cb5b1d0525fd1f6aa9942e774527828b13d 2115 libpng_1.2.54-1ubuntu1.dsc
b0edf2c01a4dcefa88c26d0e5ddafc3bada204acce665e7a16ab0133b580cc0b 18612 libpng_1.2.54-1ubuntu1.debian.tar.xz
Files:
e835f0ad60d3c9b34a61299c6b35f0bd 2115 libs optional libpng_1.2.54-1ubuntu1.dsc
561c35340c9a0cb27b78735dd17f072d 18612 libs optional libpng_1.2.54-1ubuntu1.debian.tar.xz
Original-Maintainer: Anibal Monsalve Salazar <anibal at debian.org>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCgAGBQJWjVdjAAoJEGVp2FWnRL6T4UEP/23DlsafkHnst6F2TuNvUYPe
vEfD6+O99POxcm2oFUyNM2VW9VhxlAkU7dJbxM6gnxikwh29cr+uzRLxrhnl5mz2
MpdtrqVa3TZO/YteueDQt62YT1MDGIY4q5kUXohd3xVVMJx5aKZfacJZibbKlC4b
4jVZHsLqKtTDIkzzNRMdK4V2g1lR7DoQRlnprb4JDARa/6PKbpQ8SefER3fkmw5A
tG4Nu3O9hJtFMsHhw9Ej1fnHJ8+4zD0Qt25meFKFYsqXWi7h8W5EbmpN+WZ5zUHx
ztJF47Nf370p4RU5qYRoCfXUneCZ+nxm233f8txNGpPKTU9BY6nELodcPI/1iFEy
Ni4CTaF3AZ0nmjtaw97aYi7G/fjkcfm/4pz3+anV5ptj3ARVKvFsUFNymxAiUWj9
UgrT48lUhqQ0d+59zMgPZwhtfyUhIsrJ9+cecPeaL+6FHOjEFaQx/W0i64mRHDeX
//FTb+mXU1mwo2Sv2HH/i6zEi4SCWnCd158X/H9Yi6Ud2UpA2/xAYCCRgXUxao/6
FuyV+TUsihG72w+UK+akp0Xgvu8pBHwJ4NPPWt6KYp9QddwyM9etNYrSBeX7x2Gs
p7F8XtmO6K4creh4msFjDRbcqSE4nMGD4E8WvpwBSe7PjJMFsPbfyg3l+2MaRdyp
4YpA2abxeUUDAZHqvXEN
=GTHp
-----END PGP SIGNATURE-----
More information about the Xenial-changes
mailing list