2004-08-05: libpng security update

libpng (1.0.12-3.woody.7) stable-security; urgency=high * Non-maintainer upload by the Security Team * Apply additional patch from upstream to fix CAN-2004-0768 -- Matt Zimmerman Tue, 3 Aug 2004 20:31:18 -0700 libpng (1.0.12-3.woody.6) stable-security; urgency=high * Non-maintainer upload by the Security Team * Patch from Chris Evans to fix multiple vulnerabilities: - libpng fails to properly check length on PNG data [CAN-2004-0597] - libpng "png_handle_sBIT" does not perform proper checks to avoid stack buffer overflow [CAN-2004-0597] - libpng "png_handle_iCCP" possible NULL-pointer crash [CAN-2004-0598] - libpng "png_handle_sPLT" possible integer overflow [CAN-2004-0599] - libpng "png_read_png" does not properly handle a PNG with excessive height (integer overflow) [CAN-2004-0599] - libpng progressive reading integer overflow [CAN-2004-0599] -- Matt Zimmerman Fri, 16 Jul 2004 14:09:24 -0700