[devel] Added recent CVE numbers at relevant places in the CHANGES file.

This commit is contained in:
Glenn Randers-Pehrson 2011-07-14 09:47:26 -05:00
parent e9ef47f69e
commit 0a007b743e

@ -3149,8 +3149,8 @@ version 1.5.1beta01 [January 8, 2011]
in version 1.5.0beta36 but is not noted in the CHANGES. Similarly, in version 1.5.0beta36 but is not noted in the CHANGES. Similarly,
it was changed from png_charpp to png_const_bytepp in png_set_iCCP(). it was changed from png_charpp to png_const_bytepp in png_set_iCCP().
Ensure that png_rgb_to_gray ignores palette mapped images, if libpng Ensure that png_rgb_to_gray ignores palette mapped images, if libpng
internally happens to call it with one. internally happens to call it with one, and fixed a failure to handle
Fixed a failure to handle palette mapped images correctly. palette mapped images correctly. This fixes CVE-2690.
Version 1.5.1beta02 [January 14, 2011] Version 1.5.1beta02 [January 14, 2011]
Fixed a bug in handling of interlaced images (bero at arklinux.org). Fixed a bug in handling of interlaced images (bero at arklinux.org).
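Review bot: The identifier in the added sentence "This fixes CVE-2690." has no year field, so it does not follow the CVE-YYYY-NNNN form used by the other references in this patch (for example "CVE-2011-2691") and a search for the full identifier will not find this entry. Write the complete identifier here. The rewrap also joins the palette-mapped fix onto the png_rgb_to_gray sentence with ", and fixed a failure to handle", which leaves it unclear whether the CVE covers both clauses or only the second; keeping the two fixes as separate sentences and attaching the CVE reference to the one it belongs to would make that explicit.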
@ -3347,7 +3347,7 @@ Version 1.5.3beta05 [May 6, 2011]
dependency of the tIME-supporting RFC1132 code on stdio is removed and dependency of the tIME-supporting RFC1132 code on stdio is removed and
PNG_NO_WARNINGS does actually work now. PNG_NO_WARNINGS does actually work now.
Pass "" instead of '\0' to png_default_error() in png_err(). This mistake Pass "" instead of '\0' to png_default_error() in png_err(). This mistake
was introduced in libpng-1.2.20beta01. was introduced in libpng-1.2.20beta01. This fixes CVE-2011-2691.
Added PNG_WRITE_OPTIMIZE_CMF_SUPPORTED macro to make the zlib "CMF" byte Added PNG_WRITE_OPTIMIZE_CMF_SUPPORTED macro to make the zlib "CMF" byte
optimization configureable. optimization configureable.
IDAT compression failed if preceded by a compressed text chunk (bug IDAT compression failed if preceded by a compressed text chunk (bug
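Review bot: In the added "This fixes CVE-2011-2691." the word "This" directly follows "This mistake was introduced in libpng-1.2.20beta01.", so the two sentences use "This" for different things and the second can be read as referring to the mistake rather than the correction. Wording such as "The correction fixes CVE-2011-2691." removes the ambiguity. Because the entry dates the mistake to libpng-1.2.20beta01, it would also help readers of this file if the entry said which earlier release series carry it.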
@ -3418,7 +3418,8 @@ Version 1.5.3rc02 [June 8, 2011]
Frank Busse, CVE-2011-2501, related to CVE-2004-0421). Frank Busse, CVE-2011-2501, related to CVE-2004-0421).
Version 1.5.3beta11 [June 11, 2011] Version 1.5.3beta11 [June 11, 2011]
Fixed png_handle_sCAL which is broken in 1.5; added sCAL to pngtest.png Fixed png_handle_sCAL which is broken in 1.5. This fixes CVE 2011-2692.
Added sCAL to pngtest.png
Revised documentation about png_set_user_limits() to say that it also affects Revised documentation about png_set_user_limits() to say that it also affects
png writing. png writing.
Revised handling of png_set_user_limits() so that it can increase the Revised handling of png_set_user_limits() so that it can increase the
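Review bot: The added reference is written "CVE 2011-2692" with a space after "CVE", while the context line just above it in this hunk uses the hyphenated form "CVE-2011-2501". A search of the CHANGES file for "CVE-2011-2692" will miss this entry, which defeats the purpose of the commit; use the hyphenated form. The split-off line "Added sCAL to pngtest.png" also has no terminating period, unlike the neighbouring entries.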