Univention Bugzilla – Bug 49376
libpng1.6: Multiple issues (4.4)
Last modified: 2019-05-02 13:22:36 CEST
New Debian libpng1.6 1.6.28-1+deb9u1 fixes: This update addresses the following issue: * use-after-free in png_image_free in png.c (CVE-2019-7317)
--- mirror/ftp/4.3/unmaintained/4.3-0/source/libpng1.6_1.6.28-1.dsc +++ apt/ucs_4.4-0-errata4.4-0/source/libpng1.6_1.6.28-1+deb9u1.dsc @@ -1,3 +1,9 @@ +1.6.28-1+deb9u1 [Thu, 18 Apr 2019 22:12:35 +0200] Salvatore Bonaccorso <carnil@debian.org>: + + * Non-maintainer upload by the Security Team. + * Call png_image_free_function without guarding it with png_safe_execute + (CVE-2019-7317) (Closes: #921355) + 1.6.28-1 [Mon, 09 Jan 2017 19:50:31 +0100] Gianfranco Costamagna <locutusofborg@debian.org>: * New upstream release. <http://10.200.17.11/4.4-0/#5351116651687284928>
OK: yaml OK: announce_errata OK: patch OK: piuparts [4.4-0] 1740b21353 Bug #49376: libpng1.6 1.6.28-1+deb9u1 doc/errata/staging/libpng1.6.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) [4.4-0] f0b9e8670f Bug #49376: libpng1.6 1.6.28-1+deb9u1 doc/errata/staging/{kauth.yaml => libpng1.6.yaml} | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-)
<http://errata.software-univention.de/ucs/4.4/65.html>