This project is archived. Its data is read-only.

Commit c76f557e authored Dec 03, 2015 by Gustavo Zacarias Committed by Peter Korsgaard Dec 04, 2015

libpng: security bump to version 1.6.20



Fixes:
CVE-2015-8126 - incorrect implementation of png_set_PLTE() that uses
png_ptr not info_ptr, that left png_set_PLTE() open to this vuln.

(fix in previous release was incomplete)

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 371e2f7f)

parent c0c568dd

package/libpng/libpng.hash

+3 −3

Original line number	Diff line number	Diff line
		# From http://sourceforge.net/projects/libpng/files/libpng16/1.6.19/
		md5 1e6a458429e850fc93c1f3b6dc00a48f libpng-1.6.19.tar.xz
		sha1 483d72ced11c9258f9d1119105273d9af9ff151c libpng-1.6.19.tar.xz
		# From http://sourceforge.net/projects/libpng/files/libpng16/1.6.20/
		md5 3968acb7c66ef81a9dab867f35d0eb4b libpng-1.6.20.tar.xz
		sha1 c4f02051e0b86613076ce390fd15824f3506a148 libpng-1.6.20.tar.xz

package/libpng/libpng.mk

+1 −1

Original line number	Diff line number	Diff line
		@@ -4,7 +4,7 @@
		#
		################################################################################

		LIBPNG_VERSION = 1.6.19
		LIBPNG_VERSION = 1.6.20
		LIBPNG_SERIES = 16
		LIBPNG_SOURCE = libpng-$(LIBPNG_VERSION).tar.xz
		LIBPNG_SITE = http://downloads.sourceforge.net/project/libpng/libpng${LIBPNG_SERIES}/$(LIBPNG_VERSION)