[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 343-1] libpng security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : libpng
Version        : 1.2.44-1+squeeze5
CVE ID         : CVE-2012-3425 CVE-2015-7981 CVE-2015-8126

   * CVE-2015-7981
     Added a safety check in png_set_tIME() (Bug report from Qixue Xiao).
   * CVE-2015-8126
     Multiple buffer overflows in the (1) png_set_PLTE and
     (2) png_get_PLTE functions in libpng before 1.0.64, 1.1.x and 1.2.x
     before 1.2.54, 1.3.x and 1.4.x before 1.4.17, 1.5.x before 1.5.24,
     and 1.6.x before 1.6.19 allow remote attackers to cause a denial
     of service (application crash) or possibly have unspecified other
     impact via a small bit-depth value in an IHDR (aka image header)
     chunk in a PNG image.
   * CVE-2012-3425
     vulnerable code is not present here

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQJ8BAEBCgBmBQJWS5voXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ2MjAxRkJGRkRCQkRFMDc4MjJFQUJCOTY5
NkZDQUMwRDM4N0I1ODQ3AAoJEJb8rA04e1hHUVMQAIg/P9+YvhDT6ZCREHrWLal3
3CIo9TszFZ3JDDsXa8RhysgBt2Mx1FXUKIYerEf8NevzquzUbLlce1kfTSPtOhdP
TF3t3F6FG5UYRUgKoFL1e9G3PLI0zy023mvuZ2YWqsgINwQPPMGE3/aeNaXv4+8L
R5gDU+j9SwceV7+QHdI3WVNoOhemXqC167GwWYdMCsQ19ApmBBcl3Y0vSOQlLeQ+
1mu518d3HUAhur9zqJKvDm0hvbZcQOcrn/N5hcXU8qC9ZApc1sOFnedBb2JeVQP8
rlwB1mDxueymEJncC4KzmNxjOUv6mARe0jYeR0b99XahPgUMYG34wjfWj+0Va6m/
5QEbKl16Sv+iX754OceG8uq05ZjriFzXc7BmncJZc7B5v74ABFhrMMk6+qu4CYW0
Oi1BneBJBNFuGDCEEc7f4Eil0Xrq/DwHpsNqVUc8kkPxmq6WAM1P/WRjvrFi0bUN
976xa+lVQfBQQTMMNe/R5K22UBltk63F88pBvjoQUScqSZCG8hw0oPmu5VgGm7Fl
wzRVqseIA9/AFQPZCDCqqikgsTdRjpFS7nBAwRwocC0hmwxjAKL9Cc/jncc/lgYW
JRdj0JKAi9KmqA2pQcOecJT1QRw3gPCWYuZvj/BVCfBlT0J9HcRt74pzSL4Hm6js
MEhbOD2kQ5eminDjMJFO
=wFbZ
-----END PGP SIGNATURE-----


Reply to: