Commit Graph

10 Commits

Author SHA1 Message Date
Julien BOIBESSOT
1cd3e4bf8a libpng: bump to version 1.6.25
1.6.23 tarballs have moved so, while we are at modifying libpng.mk, bump to 1.6.25.

[Peter: add back upstream sha1 hash]
Signed-off-by: Julien BOIBESSOT <julien.boibessot@armadeus.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2016-09-07 12:04:32 +02:00
Gustavo Zacarias
1d988e8f54 libpng: bump to version 1.6.23
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2016-06-15 09:43:50 +02:00
Gustavo Zacarias
dc86b07ccc libpng: bump to version 1.6.22
Rebase patch 1 in git format, and rebase patch 2 against 1.6.22.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2016-05-26 21:35:38 +02:00
Gustavo Zacarias
5be4c99b18 libpng: bump to version 1.6.21
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2016-01-20 17:27:09 +01:00
Gustavo Zacarias
371e2f7f3c libpng: security bump to version 1.6.20
Fixes:
CVE-2015-8126 - incorrect implementation of png_set_PLTE() that uses
png_ptr not info_ptr, that left png_set_PLTE() open to this vuln.

(fix in previous release was incomplete)

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2015-12-04 21:46:34 +01:00
Gustavo Zacarias
e50c333c35 libpng: security bump to version 1.6.19
Fixes:
png_set_PLTE/png_get_PLTE functions failed to check for
an out-of-range palette when reading or writing PNG files with a bit_depth
less than 8.

CVE not yet assigned.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2015-11-13 22:35:06 +01:00
Gustavo Zacarias
effd4f1ae7 libpng: bump to version 1.6.18
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2015-10-02 16:02:39 +02:00
Gustavo Zacarias
65b25d11df libpng: bump to version 1.6.17
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2015-06-04 23:06:55 +02:00
Gustavo Zacarias
5fd9ab402f libpng: security bump to version 1.6.16
Fixes a buffer overflow which may allow an attacker to gain write
access to memory.
CVE requested but not yet assigned.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2014-12-24 14:59:02 +01:00
Gustavo Zacarias
b89ce67523 libpng: security bump to version 1.6.15
Fixes an out-of-bounds memory access in png_user_version_check().

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2014-11-25 22:33:01 +01:00