Format: 1.7 Date: Thu, 5 Aug 2004 12:37:32 +0200 Source: libpng3 Binary: libpng3-dev libpng12-dev libpng12-0 libpng12-0-udeb libpng3 Architecture: source all m32r Version: 1.2.5.0-7 Distribution: unstable Urgency: high Maintainer: Josselin Mouette Changed-By: Josselin Mouette Description: libpng12-0 - PNG library - runtime libpng12-0-udeb - PNG library - minimal runtime library (udeb) libpng12-dev - PNG library - development libpng3 - PNG library - runtime libpng3-dev - PNG library - development, compatibility package Closes: 263500 Changes: libpng3 (1.2.5.0-7) unstable; urgency=high . * pngrtran.c: applied upstream patch 4 to fix incorrect calculation of buffer offsets [CAN-2004-0768]. * png.h, pngpread.c, pngrutil.c: patch from Chris Evans to fix several vulnerabilities (closes: #263500): + libpng fails to properly check length on PNG data [CAN-2004-0597]. + libpng "png_handle_sBIT" does not perform proper checks to avoid stack buffer overflow [CAN-2004-0597]. + libpng "png_handle_iCCP" possible NULL-pointer crash [CAN-2004-0598]. + libpng "png_handle_sPLT" possible integer overflow [CAN-2004-0599]. + libpng "png_read_png" does not properly handle a PNG with excessive height (integer overflow) [CAN-2004-0599]. + libpng progressive reading integer overflow [CAN-2004-0599]. Files: 28a253f30813e8244b95e04f86763768 398 libs optional libpng3_1.2.5.0-7.dsc 335448374638b0ed042eaf02a984a9d8 13820 libs optional libpng3_1.2.5.0-7.diff.gz b5575b12c9743ed7054f15860e7c4315 946 libs optional libpng3_1.2.5.0-7_all.deb 72ab95aad9070e2acedad31f0dc80127 940 libdevel optional libpng3-dev_1.2.5.0-7_all.deb eb6c4538702493257886b8ef342f8e4b 116226 libs optional libpng12-0_1.2.5.0-7_m32r.deb 08063763d25372e52f875ac6199406ff 245124 libdevel optional libpng12-dev_1.2.5.0-7_m32r.deb 43349717e5de370009906e5f5d45c411 77378 debian-installer optional libpng12-0-udeb_1.2.5.0-7_m32r.udeb package-type: udeb