[ubuntu/maverick-security] libpng 1.2.44-1ubuntu0.1 (Accepted)

Marc Deslauriers marc.deslauriers at ubuntu.com
Tue Jul 26 17:04:04 UTC 2011 

libpng (1.2.44-1ubuntu0.1) maverick-security; urgency=low

  * SECURITY UPDATE: denial of service via error message data
    - debian/patches/02-CVE-2011-2501.patch: correctly calculate length in
      pngerror.c.
    - CVE-2011-2501
  * SECURITY UPDATE: denial of service and possible arbitrary code
    execution via crafted PNG image
    - debian/patches/03-CVE-2011-2690.patch: validate coefficients in
      pngrtran.c.
    - CVE-2011-2690
  * SECURITY UPDATE: denial of service and possible arbitrary code
    execution via invalid sCAL chunks
    - debian/patches/04-CVE-2011-2692.patch: check sCAL chunk length in
      pngrutil.c.
    - CVE-2011-2692

Date: Tue, 26 Jul 2011 08:31:17 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/maverick/+source/libpng/1.2.44-1ubuntu0.1
-------------- next part --------------
Format: 1.8
Date: Tue, 26 Jul 2011 08:31:17 -0400
Source: libpng
Binary: libpng12-0 libpng12-dev libpng3 libpng12-0-udeb
Architecture: source
Version: 1.2.44-1ubuntu0.1
Distribution: maverick-security
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description: 
 libpng12-0 - PNG library - runtime
 libpng12-0-udeb - PNG library - minimal runtime library (udeb)
 libpng12-dev - PNG library - development
 libpng3    - PNG library - runtime
Changes: 
 libpng (1.2.44-1ubuntu0.1) maverick-security; urgency=low
 .
   * SECURITY UPDATE: denial of service via error message data
     - debian/patches/02-CVE-2011-2501.patch: correctly calculate length in
       pngerror.c.
     - CVE-2011-2501
   * SECURITY UPDATE: denial of service and possible arbitrary code
     execution via crafted PNG image
     - debian/patches/03-CVE-2011-2690.patch: validate coefficients in
       pngrtran.c.
     - CVE-2011-2690
   * SECURITY UPDATE: denial of service and possible arbitrary code
     execution via invalid sCAL chunks
     - debian/patches/04-CVE-2011-2692.patch: check sCAL chunk length in
       pngrutil.c.
     - CVE-2011-2692
Checksums-Sha1: 
 22ffba24d975fa34c4648856a3f9c724a75758a9 1939 libpng_1.2.44-1ubuntu0.1.dsc
 2d85e0a2783aa910393a07826147f22024845a04 16352 libpng_1.2.44-1ubuntu0.1.debian.tar.bz2
Checksums-Sha256: 
 f472e2ad77adcf2aece906bf87adb77da2e629e6865eac0d6904c521ca6d0d38 1939 libpng_1.2.44-1ubuntu0.1.dsc
 2097d7097db70256d301f02dfdf63fb9844c91e4c2f4d142ab2c71e692531154 16352 libpng_1.2.44-1ubuntu0.1.debian.tar.bz2
Files: 
 d68bd2bcdb0e1805a9a7d7f71eaacfbc 1939 libs optional libpng_1.2.44-1ubuntu0.1.dsc
 03b406aed4bc5501d27b69d2c0a8a2fc 16352 libs optional libpng_1.2.44-1ubuntu0.1.debian.tar.bz2
Original-Maintainer: Anibal Monsalve Salazar <anibal at debian.org>

More information about the Maverick-changes mailing list