summaryrefslogtreecommitdiff
path: root/ANNOUNCE
diff options
context:
space:
mode:
Diffstat (limited to 'ANNOUNCE')
-rw-r--r--ANNOUNCE56
1 files changed, 24 insertions, 32 deletions
diff --git a/ANNOUNCE b/ANNOUNCE
index 3aa07ca58..5fcfa2b01 100644
--- a/ANNOUNCE
+++ b/ANNOUNCE
@@ -1,5 +1,5 @@
-Libpng 1.0.63 - February 6, 2014
+Libpng 1.0.65 - December 3, 2015
This is a public release of libpng, intended for use in production codes.
@@ -8,51 +8,43 @@ Files available for download:
Source files with LF line endings (for Unix/Linux) and with a
"configure" script
- libpng-1.0.63.tar.xz (LZMA-compressed, recommended)
- libpng-1.0.63.tar.gz
- libpng-1.0.63.tar.bz2
+ libpng-1.0.65.tar.xz (LZMA-compressed, recommended)
+ libpng-1.0.65.tar.gz
Source files with LF line endings (for Unix/Linux) without the
"configure" script
- libpng-1.0.63-no-config.tar.xz (LZMA-compressed, recommended)
- libpng-1.0.63-no-config.tar.gz
- libpng-1.0.63-no-config.tar.bz2
+ libpng-1.0.65-no-config.tar.xz (LZMA-compressed, recommended)
+ libpng-1.0.65-no-config.tar.gz
Source files with CRLF line endings (for Windows), without the
"configure" script
- lpng1063.zip
- lpng1063.7z
- lpng1063.tar.bz2
+ lpng1065.zip
+ lpng1065.7z
Project files
- libpng-1.0.63-project-netware.zip
- libpng-1.0.63-project-wince.zip
+ libpng-1.0.65-project-netware.zip
+ libpng-1.0.65-project-wince.zip
Other information:
- libpng-1.0.63-README.txt
- libpng-1.0.63-KNOWNBUGS.txt
- libpng-1.0.63-LICENSE.txt
- libpng-1.0.63-Y2K-compliance.txt
- libpng-1.0.63-*.asc (armored detached GPG signatures)
-
-Changes since the last public release (1.0.62):
-
- Issue a png_error() instead of a png_warning() when width is
- potentially too large for the architecture, in case the calling
- application has overridden the default 1,000,000-column limit
- (fixes CVE-2014-9495 and CVE-2015-0973).
- Quieted some harmless warnings from Coverity-scan.
- Display user limits in the output from pngtest.
- Changed PNG_USER_CHUNK_MALLOC_MAX from unlimited to 8,000,000.
- This can only be changed at library-build time. It only
- affects the maximum memory that can be allocated to an
- ancillary chunk; it does not limit the size of IDAT
- data, which is instead limited by PNG_USER_WIDTH_MAX.
- Rebuilt configure scripts with automake-1.15 and libtool-2.4.6
+ libpng-1.0.65-README.txt
+ libpng-1.0.65-KNOWNBUGS.txt
+ libpng-1.0.65-LICENSE.txt
+ libpng-1.0.65-Y2K-compliance.txt
+ libpng-1.0.65-*.asc (armored detached GPG signatures)
+
+Changes since the last public release (1.0.64):
+
+ Avoid potential pointer overflow in png_handle_iTXt(), png_handle_zTXt(),
+ png_handle_sPLT(), and png_handle_pCAL() (Bug report by John Regehr).
+ Fixed incorrect implementation of png_set_PLTE() that uses png_ptr
+ not info_ptr, that left png_set_PLTE() open to the CVE-2015-8126
+ vulnerability.
+ Discontinued distributing tar.bz2 archives.
+ Discontinued distributing libpng-oldversion-newversion-diff.txt
Send comments/corrections/commendations to png-mng-implement at lists.sf.net
(subscription required; visit
View Lorry Controller Status