-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 17 Nov 2015 19:31:24 +0100 Source: libpng Binary: libpng12-0 libpng12-dev libpng3 libpng12-0-udeb Architecture: source amd64 Version: 1.2.49-1+deb7u1 Distribution: wheezy-security Urgency: high Maintainer: Anibal Monsalve Salazar <anibal@debian.org> Changed-By: Salvatore Bonaccorso <carnil@debian.org> Description: libpng12-0 - PNG library - runtime libpng12-0-udeb - PNG library - minimal runtime library (udeb) libpng12-dev - PNG library - development libpng3 - PNG library - runtime Closes: 803078 805113 Changes: libpng (1.2.49-1+deb7u1) wheezy-security; urgency=high . * Non-maintainer upload by the Security Team. * Add CVE-2015-7981.patch patch. CVE-2015-7981: Out-of-bounds read in png_convert_to_rfc1123. (Closes: #803078) * Add Prevent-writing-over-length-PLTE-chunk-Cosm.patch patch. CVE-2015-8126: Multiple buffer overflows in the png_set_PLTE and png_get_PLTE functions. (Closes: #805113) * Add Fixed-new-bug-with-CRC-error-after-reading-.patch patch. Fixed new bug with CRC error after reading an over-length palette. Checksums-Sha1: 2934aa4cc73fe37280f8c5623d13898c6c27ec92 1987 libpng_1.2.49-1+deb7u1.dsc 93cdd7e4fe01b490cf045e3f354ab38f0200c540 669011 libpng_1.2.49.orig.tar.bz2 e9061afc87f2a68ce12eefa61b5ff4cd5a0c4fac 18111 libpng_1.2.49-1+deb7u1.debian.tar.bz2 04c71ca3c81152aa6b434ad94c5ad10d83159a21 190692 libpng12-0_1.2.49-1+deb7u1_amd64.deb b775b9354a73ed8e8a419b8d7964a3213a75d0d6 267326 libpng12-dev_1.2.49-1+deb7u1_amd64.deb 4db3f15a6f9f71b9fe1d2c7e4d7a61eacf082610 958 libpng3_1.2.49-1+deb7u1_amd64.deb 3d3426bb51b7ff20420e7aefc3c350a15e0fb49d 63896 libpng12-0-udeb_1.2.49-1+deb7u1_amd64.udeb Checksums-Sha256: 3f39b5b17b75d1a390b05d0c7169560bd15e621a204a8ff0d5814f3dff441288 1987 libpng_1.2.49-1+deb7u1.dsc fbf8faa70ebca2ed2ee6df6f2249f4722517b581af5b6c3c71bbdaf925d5954e 669011 libpng_1.2.49.orig.tar.bz2 82a191df9f4430cc9dc4372201e2dd16f294031dcc492116e6d4f765279bf0dd 18111 libpng_1.2.49-1+deb7u1.debian.tar.bz2 dd0b8620227148f32903a50b60b78612c99e68a4166ae7f5f149a281566995c5 190692 libpng12-0_1.2.49-1+deb7u1_amd64.deb 3b85742458c119c7c4ba0aeab6b1b9425acf0d5cb3b3732736c99554c9bab2dd 267326 libpng12-dev_1.2.49-1+deb7u1_amd64.deb 84781eaf148632a54c81bc34c00b1946aa2b7acda835018a689e08c9ddeebd5d 958 libpng3_1.2.49-1+deb7u1_amd64.deb 3ebdcc2e886f871dc18f34cdaa5917546ad1fc393e60c33405d5070f5b6bad76 63896 libpng12-0-udeb_1.2.49-1+deb7u1_amd64.udeb Files: 5fd562ec548a798eb94825a15aee94b8 1987 libs optional libpng_1.2.49-1+deb7u1.dsc d5106b70b4f8b464a7da66bffe4565fb 669011 libs optional libpng_1.2.49.orig.tar.bz2 a1a69c7a7c312064f60e9c6e7840e755 18111 libs optional libpng_1.2.49-1+deb7u1.debian.tar.bz2 b8cb22e8f7d8dbe4c57630c096e78bd4 190692 libs optional libpng12-0_1.2.49-1+deb7u1_amd64.deb b67174ad000d1fe9c93d28ed52c4bc4d 267326 libdevel optional libpng12-dev_1.2.49-1+deb7u1_amd64.deb 66b63e967b20aa836632fd9f289fcc66 958 oldlibs optional libpng3_1.2.49-1+deb7u1_amd64.deb 5f36e83d58e6d0084585b95db650fad4 63896 debian-installer extra libpng12-0-udeb_1.2.49-1+deb7u1_amd64.udeb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCgAGBQJWTA2YAAoJEAVMuPMTQ89EbOMQAJ7WoqvyXo8mQ4kYP0TMwN3z LNASZWAXe9ULAuHWc/Ep5BYboNGLeslQx0e6IRuOk6ODzb/RkctOIPoNRzc0kFyG u2II+o74oqA2OtVMo/SXpykpKZofKYDsn6lD5+ZvBM6rl6Y9r2ai+YgmrXaXMwiU phB4etLFLXZcZyOJxwYRjKLlybWu0rkD5zd2UJ54Aapue0tqHxo2FnHlzZHN34qs u8Yggh276tcWkSaCVqxoGkcuiDUMKkY8NCiZInXKkE8fO1QUpRkpMhWJr5AT1gHm Zj/Ucgk1p+a1iAdTTPfohHdvNrZ/cuOZEn2j7Tt2F8dj0LwNy9hZ2chJDUZ3liiT 3ih4zIZ/lEcfL3sBgjL/qW1MM/Klu3SjinCpZXBljHTjSBZQ3wg/CsYXbTWbasHS ZhuLF1wsJdEEIaW4QsZ/svI2k2Dqcfkv0KSJnIsKmTzT0f7idfhF+/KjD2f9PwSC QfwP64VgNvP7A8/sdGyKK3RypF+zZMXNp6NJMhjI6JPylPpYMnc5xgiZ7wq7VJOW n3jhNuPI0g7iHlUDhU25UvR4QHwjQ2om9WDnRBPchU8b3unXCmPn8cqoZkd67SD2 xPIXfJ8aDDVwMiCkWcU06ZmJO01Zg/YBHu15vElWnLBYrUfv7jxl2ks61nrujQPD 3vgRetuM0b78K62jFnut =QARm -----END PGP SIGNATURE-----