Accepted libpng 1.2.50-2+deb8u1 (source) into proposed-updates->stable-new, proposed-updates
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 17 Nov 2015 19:21:32 +0100
Source: libpng
Binary: libpng12-0 libpng12-dev libpng3 libpng12-0-udeb
Architecture: source
Version: 1.2.50-2+deb8u1
Distribution: jessie-security
Urgency: high
Maintainer: Anibal Monsalve Salazar <anibal@debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Closes: 803078 805113
Description:
libpng12-0 - PNG library - runtime
libpng12-0-udeb - PNG library - minimal runtime library (udeb)
libpng12-dev - PNG library - development
libpng3 - PNG library - runtime
Changes:
libpng (1.2.50-2+deb8u1) jessie-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* Add CVE-2015-7981.patch patch.
CVE-2015-7981: Out-of-bounds read in png_convert_to_rfc1123.
(Closes: #803078)
* Add Prevent-writing-over-length-PLTE-chunk-Cosm.patch patch.
CVE-2015-8126: Multiple buffer overflows in the png_set_PLTE and
png_get_PLTE functions. (Closes: #805113)
* Add Fixed-new-bug-with-CRC-error-after-reading-.patch patch.
Fixed new bug with CRC error after reading an over-length palette.
Checksums-Sha1:
024ae4301ae8a8112f9b4eaeae50a70d61c86da4 2036 libpng_1.2.50-2+deb8u1.dsc
3ac9c32fc08804d4a1858cb5d02c6d0fb55ede37 539152 libpng_1.2.50.orig.tar.xz
a5e7117c34d7980c98a74c5251409a9380026765 20232 libpng_1.2.50-2+deb8u1.debian.tar.xz
Checksums-Sha256:
8c7302111fb96198a7b3046fdf65697d00f87867b4baf1a1fd1b77ac4111b34d 2036 libpng_1.2.50-2+deb8u1.dsc
4724f81f8c92ac7f360ad1fbf173396ea7c535923424db9fbaff07bfd9d8e8e7 539152 libpng_1.2.50.orig.tar.xz
99cada9cd6af65321604f84821091b764fcd1661d4bd136e4893ebc5a9178206 20232 libpng_1.2.50-2+deb8u1.debian.tar.xz
Files:
9df487847a931ba2862eafb3d812483d 2036 libs optional libpng_1.2.50-2+deb8u1.dsc
a3e00fccbfe356174ab515b5c00641c7 539152 libs optional libpng_1.2.50.orig.tar.xz
e91ab33a8ed0e80204f9fda77da4fc45 20232 libs optional libpng_1.2.50-2+deb8u1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCgAGBQJWTA8CAAoJEAVMuPMTQ89Evq8QAJ3E2TtZmniJdB998Ku2Ckzn
rtmwyt++0ZZVPZWFTcZcm6PLEeSEITo/7DCHX9FI0vuPtNyoI0pMHgHbD1Aa9GMh
+DwhDGXhuTYVvPCxZR4nMZN5n5gVqo6F02gzFcKy6KdS4qRZl/LLnHfXg504MoNf
46TIxhyTBqkMspshs8Zo1V/Yhp1YAaRf+9oWeev9uOTV+BEQnYlvyK7gtQZNkMco
GEeUz7OJqy8TM6E8wmxbRjBwV3zeC3Cxt7BZKkAwQ25HZ6QYxb7e+wqSQLmYDhYU
EnLGJzqesUUwupaEgor4yzEDTiHuNhQf2TswlPxZUq6Q/BODgM2P7X4TGcPY4OOT
kKG9FTcGdRGw4AT6gNqxhFYztjTDEx+NagfhH9BS5mJKt3rEMRYPkGtOnir6pKeZ
MmMAma9mqdut0LPK/MfLf9pD5m3KhhppoUVEfzu9xj9oJy1qtEtzpa6JOTXPIeqY
/x1gRtQgHcOyCiKxtKRFc5OICf/L+ajnQnZeC42Q+sHakb22aKjojVuO0wzeQrbi
/O0TdRTs/sl1L8T6NevsEVJg5wYLHqXqejjdBJpi0WRBCRR2U+eW+ya5U0YRYHQ6
/wlC7rOUEvxv5PJ98jT2Li+MfaUdqi0cGCRMBieyZf4nYKtzbpVZ6LxjR20opZ5K
B+NFZ+cqJ5OpoPcz0FYk
=SAWe
-----END PGP SIGNATURE-----