From 9d6cab3b21bffd83643975d94cb5209c4140accb Mon Sep 17 00:00:00 2001 From: Glenn Randers-Pehrson Date: Sat, 10 Jan 2015 19:18:17 -0600 Subject: [PATCH] [libpng16] Updated recent CVE numbers in CHANGES file. --- ANNOUNCE | 4 ++-- CHANGES | 7 ++++--- 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/ANNOUNCE b/ANNOUNCE index f99399565..dacac7865 100644 --- a/ANNOUNCE +++ b/ANNOUNCE @@ -1,4 +1,4 @@ -Libpng 1.6.17beta01 - January 1, 2015 +Libpng 1.6.17beta01 - January 11, 2015 This is not intended to be a public release. It will be replaced within a few weeks by a public version or by another test version. @@ -25,7 +25,7 @@ Other information: Changes since the last public release (1.6.16): -Version 1.6.17beta01 [January 1, 2015] +Version 1.6.17beta01 [January 11, 2015] Removed duplicate PNG_SAFE_LIMITS_SUPPORTED handling from pngconf.h Corrected the width limit calculation in png_check_IHDR(). Removed user limits from pngfix. Also pass NULL pointers to diff --git a/CHANGES b/CHANGES index 836fd1ec8..f2d341992 100644 --- a/CHANGES +++ b/CHANGES @@ -5114,18 +5114,19 @@ Version 1.6.16beta03 [December 21, 2014] Version 1.6.16rc01 [December 21, 2014] Restored a test on width that was removed from png.c at libpng-1.6.9 - (Bug report by Alex Eubanks). + (Bug report by Alex Eubanks, CVE-2015-0973). Version 1.6.16rc02 [December 21, 2014] Undid the update to pngrutil.c in 1.6.16rc01. Version 1.6.16rc03 [December 21, 2014] - Fixed an overflow in png_combine_row with very wide interlaced images. + Fixed an overflow in png_combine_row() with very wide interlaced images + (Bug report and fix by John Bowler, CVE-2014-9495). Version 1.6.16 [December 22, 2014] No changes. -Version 1.6.17beta01 [January 1, 2015] +Version 1.6.17beta01 [January 11, 2015] Removed duplicate PNG_SAFE_LIMITS_SUPPORTED handling from pngconf.h Corrected the width limit calculation in png_check_IHDR(). Removed user limits from pngfix. Also pass NULL pointers to