-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Thu, 5 Aug 2004 12:31:39 +0200
Source: libpng
Binary: libpng2 libpng2-dev libpng10-dev libpng10-0
Architecture: source all i386
Version: 1.0.15-6
Distribution: unstable
Urgency: high
Maintainer: Josselin Mouette <joss@debian.org>
Changed-By: Josselin Mouette <joss@debian.org>
Description:
 libpng10-0 - PNG library, older version - runtime
 libpng10-dev - PNG library, older version - development
 libpng2 - PNG library, older version - runtime
 libpng2-dev - PNG library, older version - development
Closes: 263496
Changes:
 libpng (1.0.15-6) unstable; urgency=high
 .
   * pngrtran.c: applied upstream patch 4 to fix incorrect calculation of
     buffer offsets [CAN-2004-0768].
   * png.h, pngpread.c, pngrutil.c: patch from Chris Evans
     <chris@scary.beasts.org> to fix several vulnerabilities
     (closes: #263496):
     + libpng fails to properly check length on PNG data [CAN-2004-0597].
     + libpng "png_handle_sBIT" does not perform proper checks to avoid
       stack buffer overflow [CAN-2004-0597].
     + libpng "png_handle_iCCP" possible NULL-pointer crash [CAN-2004-0598].
     + libpng "png_handle_sPLT" possible integer overflow [CAN-2004-0599].
     + libpng "png_read_png" does not properly handle a PNG with excessive
       height (integer overflow) [CAN-2004-0599].
     + libpng progressive reading integer overflow [CAN-2004-0599].
Files:
 321e33b48e53883578ea570c614c492d 610 libs optional libpng_1.0.15-6.dsc
 9a55f3c0e431076986ecf0bc59ad3057 14152 libs optional libpng_1.0.15-6.diff.gz
 57369c51cd688e845e832a469c9a1253 934 libs optional libpng2_1.0.15-6_all.deb
 845274de02adc31fc984846255bb2fc0 1160 libdevel extra libpng2-dev_1.0.15-6_all.deb
 4782c15efb729321d2ff8c8e28b84ba0 107210 libs optional libpng10-0_1.0.15-6_i386.deb
 a9a7896a6aec2c52644eff85cc4e0dd5 188368 libdevel optional libpng10-dev_1.0.15-6_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)

iD8DBQFBEg5WrSla4ddfhTMRApwMAJ45eRJxGGFlofk5Fuv3oIn2Q6WjIgCeJuf5
af37E9KnxB8IiX1TgXelafU=
=YWh+
-----END PGP SIGNATURE-----

Accepted:
libpng10-0_1.0.15-6_i386.deb
  to pool/main/libp/libpng/libpng10-0_1.0.15-6_i386.deb
libpng10-dev_1.0.15-6_i386.deb
  to pool/main/libp/libpng/libpng10-dev_1.0.15-6_i386.deb
libpng2-dev_1.0.15-6_all.deb
  to pool/main/libp/libpng/libpng2-dev_1.0.15-6_all.deb
libpng2_1.0.15-6_all.deb
  to pool/main/libp/libpng/libpng2_1.0.15-6_all.deb
libpng_1.0.15-6.diff.gz
  to pool/main/libp/libpng/libpng_1.0.15-6.diff.gz
libpng_1.0.15-6.dsc
  to pool/main/libp/libpng/libpng_1.0.15-6.dsc