-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Fri, 15 Jul 2011 13:06:17 +0900 Source: libpng Binary: libpng12-0 libpng12-dev libpng3 libpng12-0-udeb Architecture: source all amd64 Version: 1.2.44-1+squeeze1 Distribution: stable-security Urgency: high Maintainer: Anibal Monsalve Salazar Changed-By: Nobuhiro Iwamatsu Description: libpng12-0 - PNG library - runtime libpng12-0-udeb - PNG library - minimal runtime library (udeb) libpng12-dev - PNG library - development libpng3 - PNG library - runtime Closes: 632786 633871 Changes: libpng (1.2.44-1+squeeze1) stable-security; urgency=high . * Apply upstream patch to 1-byte uninitialized memory reference in png_format_buffer(). (Closes: #632786, CVE-2011-2501) * Apply upstream patch to buffer overwrite in png_rgb_to_gray. (Closes: #633871, CVE-2011-2690) * Apply upstream patch to crash in png_default_error due to use of NULL Pointer. (Closes: #633871, CVE-2011-2691) * Apply upstream patch to memory corruption when handling empty sCAL chunks. (Closes: #633871, CVE-2011-2692) Checksums-Sha1: 45a8e4fc8eaf5f8dfc9853c3e0b7bf030541db3b 1220 libpng_1.2.44-1+squeeze1.dsc 07bd9d67c6e6076416a951451e1b05c2660e9d0d 657967 libpng_1.2.44.orig.tar.bz2 b5eaece6cb9f13b7d11d728d8d19dc66359d7a3f 16868 libpng_1.2.44-1+squeeze1.debian.tar.bz2 bcb490754b55519748d4ca3796afddebc08a10de 880 libpng3_1.2.44-1+squeeze1_all.deb 35db55d3d4d7c52fc3d6a18db676906f4e938cfa 180292 libpng12-0_1.2.44-1+squeeze1_amd64.deb aabbdbef0b17f9372873bb244aedd5704c8f0c4f 271912 libpng12-dev_1.2.44-1+squeeze1_amd64.deb 9edf83d59877f7eebe6b728c8810da284c60ef95 73652 libpng12-0-udeb_1.2.44-1+squeeze1_amd64.udeb Checksums-Sha256: 835250574e621c80944fe60450b959b2b7b72c7387832c85f4d98c36a89f1171 1220 libpng_1.2.44-1+squeeze1.dsc b9ab20f1c2c3bf6c4448fd9bd8a4a8905b918114d5fada56c97bb758a17b7215 657967 libpng_1.2.44.orig.tar.bz2 55ad8e3c7bb798d5d9e1f5b699e2f486835760e0317c9253c41a1c5db2674af7 16868 libpng_1.2.44-1+squeeze1.debian.tar.bz2 07c686aa185d25be43d9799cf5ae9a62859e357db026a85fe8960ecfedae2660 880 libpng3_1.2.44-1+squeeze1_all.deb 347650a1fdc4795ee74e28d0320ab1989420af88693388077093363e328e54b4 180292 libpng12-0_1.2.44-1+squeeze1_amd64.deb ba6ba8661767687e798919d1edbd1e023fa203295beddc4e9af71744669dbdac 271912 libpng12-dev_1.2.44-1+squeeze1_amd64.deb c062c253e6483b06b353fe69a76ae70325e0db9125298009a57de0101d7c8e15 73652 libpng12-0-udeb_1.2.44-1+squeeze1_amd64.udeb Files: bd03fe299fc0e736b4305cad9f9f6900 1220 libs optional libpng_1.2.44-1+squeeze1.dsc e3ac7879d62ad166a6f0c7441390d12b 657967 libs optional libpng_1.2.44.orig.tar.bz2 ca336993266703229b7734da741dde9f 16868 libs optional libpng_1.2.44-1+squeeze1.debian.tar.bz2 8078aad6ce639a863fa46dce21221b24 880 oldlibs optional libpng3_1.2.44-1+squeeze1_all.deb 3bad55f8ab41473f07de953d1f6a9b44 180292 libs optional libpng12-0_1.2.44-1+squeeze1_amd64.deb 8b8090de72a41f922617afe627b50df9 271912 libdevel optional libpng12-dev_1.2.44-1+squeeze1_amd64.deb b1429ec2d57a1bfc432c6a0f99039eef 73652 debian-installer extra libpng12-0-udeb_1.2.44-1+squeeze1_amd64.udeb Package-Type: udeb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iEYEARECAAYFAk4sytAACgkQQWTRs4lLtHl+pQCgjA7UWmWPY7AaXk8f+E2Whzrs QOgAn0sv3l1QCeS4pVQaBrOLqEly3zUy =UYDh -----END PGP SIGNATURE-----