[Bug 821591] [NEW] Sync libpng 1.2.46-3 (main) from Debian unstable (main)

Marc Deslauriers marc.deslauriers at canonical.com
Fri Aug 5 17:30:32 UTC 2011


Public bug reported:

Please sync libpng 1.2.46-3 (main) from Debian unstable (main)

Explanation of the Ubuntu delta and why it can be dropped:
- All Ubuntu changes are now in the debian package

Changelog entries since current oneiric version 1.2.44-2ubuntu1:

libpng (1.2.46-3) unstable; urgency=low

  * libpng12-0-udeb: Don't use bzip2 compression
    Closes: 634865

 -- Anibal Monsalve Salazar <anibal at debian.org>  Wed, 27 Jul 2011
12:44:46 +1000

libpng (1.2.46-2) unstable; urgency=low

  [ Steve Langasek ]
  * Build for multiarch.  Requires converting libpng3 from Arch: all to
    Arch: any. Closes: 634151
  * Drop debian/libpng12-0-udeb.dirs, which just adds a pointless empty
    directory to the udeb.

  [ Anibal Monsalve Salazar ]
  * Fix doc-base file
    Closes: 633944, 633957, 634120
  * Pass "-Zbzip2 -z9" to dpkg-deb

 -- Anibal Monsalve Salazar <anibal at debian.org>  Mon, 18 Jul 2011
22:05:48 +1000

libpng (1.2.46-1) unstable; urgency=high

  * New upstream release (Closes: #633871).
    - Fix CVE: CVE-2011-2690
      Buffer overwrite in png_rgb_to_gray
    - CVE: CVE-2011-2691
      Crash in png_default_error due to use of NULL Pointer
    - CVE: CVE-2011-2692
      Memory corruption when handling empty sCAL chunks
    - Update patches/01-legacy.patch
    - Remove patches/02-632786-CVE-2011-2501.patch. Applied to upstream.

 -- Nobuhiro Iwamatsu <iwamatsu at debian.org>  Fri, 15 Jul 2011 11:47:49
+0900

libpng (1.2.44-3) unstable; urgency=high

  * Fix 1-byte uninitialized memory reference in png_format_buffer()
    Fix CVE-2011-2501
    Add debian/patches/02-632786-CVE-2011-2501.patch
    Closes: 632786
  * Standards version is 3.9.2
  * Fix xc-package-type-in-debian-control
  * Fix debian-rules-missing-recommended-target

 -- Anibal Monsalve Salazar <anibal at debian.org>  Wed, 06 Jul 2011
10:04:32 +1000

** Affects: libpng (Ubuntu)
     Importance: Wishlist
         Status: Confirmed

** Changed in: libpng (Ubuntu)
   Importance: Undecided => Wishlist

** Changed in: libpng (Ubuntu)
       Status: New => Confirmed

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to libpng in Ubuntu.
https://bugs.launchpad.net/bugs/821591

Title:
  Sync libpng 1.2.46-3 (main) from Debian unstable (main)

Status in “libpng” package in Ubuntu:
  Confirmed

Bug description:
  Please sync libpng 1.2.46-3 (main) from Debian unstable (main)

  Explanation of the Ubuntu delta and why it can be dropped:
  - All Ubuntu changes are now in the debian package

  Changelog entries since current oneiric version 1.2.44-2ubuntu1:

  libpng (1.2.46-3) unstable; urgency=low

    * libpng12-0-udeb: Don't use bzip2 compression
      Closes: 634865

   -- Anibal Monsalve Salazar <anibal at debian.org>  Wed, 27 Jul 2011
  12:44:46 +1000

  libpng (1.2.46-2) unstable; urgency=low

    [ Steve Langasek ]
    * Build for multiarch.  Requires converting libpng3 from Arch: all to
      Arch: any. Closes: 634151
    * Drop debian/libpng12-0-udeb.dirs, which just adds a pointless empty
      directory to the udeb.

    [ Anibal Monsalve Salazar ]
    * Fix doc-base file
      Closes: 633944, 633957, 634120
    * Pass "-Zbzip2 -z9" to dpkg-deb

   -- Anibal Monsalve Salazar <anibal at debian.org>  Mon, 18 Jul 2011
  22:05:48 +1000

  libpng (1.2.46-1) unstable; urgency=high

    * New upstream release (Closes: #633871).
      - Fix CVE: CVE-2011-2690
        Buffer overwrite in png_rgb_to_gray
      - CVE: CVE-2011-2691
        Crash in png_default_error due to use of NULL Pointer
      - CVE: CVE-2011-2692
        Memory corruption when handling empty sCAL chunks
      - Update patches/01-legacy.patch
      - Remove patches/02-632786-CVE-2011-2501.patch. Applied to upstream.

   -- Nobuhiro Iwamatsu <iwamatsu at debian.org>  Fri, 15 Jul 2011 11:47:49
  +0900

  libpng (1.2.44-3) unstable; urgency=high

    * Fix 1-byte uninitialized memory reference in png_format_buffer()
      Fix CVE-2011-2501
      Add debian/patches/02-632786-CVE-2011-2501.patch
      Closes: 632786
    * Standards version is 3.9.2
    * Fix xc-package-type-in-debian-control
    * Fix debian-rules-missing-recommended-target

   -- Anibal Monsalve Salazar <anibal at debian.org>  Wed, 06 Jul 2011
  10:04:32 +1000

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libpng/+bug/821591/+subscriptions




More information about the foundations-bugs mailing list