-
Committer:
Bazaar Package Importer
-
Author(s):
Josselin Mouette, CAN-2004-0598, CAN-2004-0599
-
Date:
2004-08-05 12:31:39 UTC
-
Revision ID:
james.westby@ubuntu.com-20040805123139-cxugqti2fgmie3ej
Tags: 1.0.15-6
* pngrtran.c: applied upstream patch 4 to fix incorrect calculation of
buffer offsets [CAN-2004-0768].
* png.h, pngpread.c, pngrutil.c: patch from Chris Evans
<chris@scary.beasts.org> to fix several vulnerabilities (closes: #263496):
+ libpng fails to properly check length on PNG data [CAN-2004-0597].
+ libpng "png_handle_sBIT" does not perform proper checks to avoid stack
buffer overflow [CAN-2004-0597].
+ libpng "png_handle_iCCP" possible NULL-pointer crash
[CAN-2004-0598].
+ libpng "png_handle_sPLT" possible integer overflow
[CAN-2004-0599].
+ libpng "png_read_png" does not properly handle a PNG with excessive
height (integer overflow) [CAN-2004-0599].
+ libpng progressive reading integer overflow [CAN-2004-0599].