-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 17 Nov 2015 18:03:02 +0100 Source: libpng Binary: libpng12-0 libpng12-dev libpng3 libpng12-0-udeb Architecture: source all i386 Version: 1.2.44-1+squeeze5 Distribution: squeeze-lts Urgency: high Maintainer: Anibal Monsalve Salazar <anibal@debian.org> Changed-By: Thorsten Alteholz <debian@alteholz.de> Description: libpng12-0 - PNG library - runtime libpng12-0-udeb - PNG library - minimal runtime library (udeb) libpng12-dev - PNG library - development libpng3 - PNG library - runtime Changes: libpng (1.2.44-1+squeeze5) squeeze-lts; urgency=high . * Non-maintainer upload by the Squeeze LTS Team. * CVE-2015-7981 Added a safety check in png_set_tIME() (Bug report from Qixue Xiao). * CVE-2015-8126 Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE functions in libpng before 1.0.64, 1.1.x and 1.2.x before 1.2.54, 1.3.x and 1.4.x before 1.4.17, 1.5.x before 1.5.24, and 1.6.x before 1.6.19 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image. * CVE-2012-3425 vulnerable code is not present here Checksums-Sha1: d83b5b941c63775be9dcb32adb25b39854deee19 1973 libpng_1.2.44-1+squeeze5.dsc 07bd9d67c6e6076416a951451e1b05c2660e9d0d 657967 libpng_1.2.44.orig.tar.bz2 e1a73c2108ce2a76c531bba0c8eb50b0ace20100 19624 libpng_1.2.44-1+squeeze5.debian.tar.bz2 cf202b6f2ffb56c9334a97b66d806ec6f40f0d64 876 libpng3_1.2.44-1+squeeze5_all.deb d93c143ef87d57d9172736c2c68dba5d5206499f 177160 libpng12-0_1.2.44-1+squeeze5_i386.deb dc45b69077e90aad7e7145024b40c1fc9ca10982 261728 libpng12-dev_1.2.44-1+squeeze5_i386.deb 87c1df31e5f9405bfb1974cc29a33c472bd09a43 70202 libpng12-0-udeb_1.2.44-1+squeeze5_i386.udeb Checksums-Sha256: f3df20282c2150f5f2156b7e85dfb214e6471f2a824150b495d17c466eba1620 1973 libpng_1.2.44-1+squeeze5.dsc b9ab20f1c2c3bf6c4448fd9bd8a4a8905b918114d5fada56c97bb758a17b7215 657967 libpng_1.2.44.orig.tar.bz2 aaca641cdb1fb55d3a5b51a2eee579e7e0331818262150a88071232368f95254 19624 libpng_1.2.44-1+squeeze5.debian.tar.bz2 77938ce19b88d526a1833f89720078065f42e4bbe774e47c27e555829ab8ae33 876 libpng3_1.2.44-1+squeeze5_all.deb 7542e95dbdd5cf1fb84ad46d00ce62fceaec29a78edbceae550a4f8bd458b22d 177160 libpng12-0_1.2.44-1+squeeze5_i386.deb 65956d9dbb758033b09ebb58e748e84518392ed142c890727fb78d3f4615e17d 261728 libpng12-dev_1.2.44-1+squeeze5_i386.deb 63a6f79d8b5dcc460c6a1440cf5c6bb2631db45afd6dadbaa1b8a2f47e90a1e3 70202 libpng12-0-udeb_1.2.44-1+squeeze5_i386.udeb Files: 461eb010c7c4cbeef2def913eb11fe65 1973 libs optional libpng_1.2.44-1+squeeze5.dsc e3ac7879d62ad166a6f0c7441390d12b 657967 libs optional libpng_1.2.44.orig.tar.bz2 9f27edecb38959add494f22e2daac2aa 19624 libs optional libpng_1.2.44-1+squeeze5.debian.tar.bz2 a97fa935f60dcc757ec2a612d1fc9baa 876 oldlibs optional libpng3_1.2.44-1+squeeze5_all.deb 9b74852ab8151463c1a7a14367c1789a 177160 libs optional libpng12-0_1.2.44-1+squeeze5_i386.deb 73fc4ae5c29abd80b5dd062f0724de0d 261728 libdevel optional libpng12-dev_1.2.44-1+squeeze5_i386.deb 98699b98cf8120d5ef8d2e557364b2fd 70202 debian-installer extra libpng12-0-udeb_1.2.44-1+squeeze5_i386.udeb Package-Type: udeb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQJ8BAEBCgBmBQJWS3o7XxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ2MjAxRkJGRkRCQkRFMDc4MjJFQUJCOTY5 NkZDQUMwRDM4N0I1ODQ3AAoJEJb8rA04e1hH/tMQAIJiYsNZgMV2y9nI4vZWWGzT WZlWgM8GKndqXc3u+aY5Scl9AQOiGBs5RfjJ2rIW6z4N05zxgaKRE1xyvA2/75TT 3mw4ABNfDlnOmxXk3O2drHXS1icJbMub/AZzDnR0DpOlkLwLCrdmrIuKPLJGFi+4 ZyuWXiB4h1sGsAE052RVBRdyKWmswhPT+3f4ual076OP0umfuU9GfXTItmKuk646 xeVYeEQcJlFtTPm8mydZrteFqTaOzOD/BTbsT/JEVHc/gl7/Jt0AWlBqZoRKXHXf HO+htNP3u2c0SiEzWNm8NYgSR3aRPgsXc526mMAxsCLi2NxpSbkK6MY3P1JfFW7J 9FfwFaUYamXFvauAsSOc/72MWnG8Bef4CdqC4pFcG9OtjDPGtHC1EVP1DNT4VGRT o27z1zZpzG9qzIjqLkiNTIeqPD/ZtAls/MVrxx3nAH3r+HvS9K0AogmF7Ue2aP07 IPKyyOMU7BbHC10GS3MN4NgQyBpZjmfMip1vmIu9sgp2lGLkgntlDJcj11tJuo9V flIb5ATP2TSBj+C4FRfw7nnPcbz4kp0RxV8VPTlL60bIncg5oAsNarfW+dVnQZ3a ae0pbcjRbqQpBtkdl+5xupotYZ4xKtwjkL/rSo8KELl7LdHWU0dXfkwTK6hlB5H9 Vs48l+vILm+Pgq2aDJds =bSHU -----END PGP SIGNATURE-----