From a315efe3b29b5d2c8756c16ebfdba2810045d9ff Mon Sep 17 00:00:00 2001 From: Glenn Randers-Pehrson Date: Wed, 24 May 2017 09:58:09 -0500 Subject: [PATCH] [libpng16] Mention CVE-2016-5737 in CHANGES, update intel "last changed" date --- ANNOUNCE | 7 ++++--- CHANGES | 5 +++-- intel/filter_sse2_intrinsics.c | 2 +- intel/intel_init.c | 2 +- 4 files changed, 9 insertions(+), 7 deletions(-) diff --git a/ANNOUNCE b/ANNOUNCE index 11cc792f4..63585f716 100644 --- a/ANNOUNCE +++ b/ANNOUNCE @@ -1,4 +1,4 @@ -Libpng 1.6.30beta04 - May 22, 2017 +Libpng 1.6.30beta04 - May 24, 2017 This is not intended to be a public release. It will be replaced within a few weeks by a public version or by another test version. @@ -35,7 +35,8 @@ Version 1.6.30beta01 [April 1, 2017] Version 1.6.30beta02 [April 22, 2017] Document need to check for integer overflow when allocating a pixel buffer for multiple rows in contrib/gregbook, contrib/pngminus, - example.c, and in the manual (suggested by Jaeseung Choi). + example.c, and in the manual (suggested by Jaeseung Choi). This + is similar to the bug reported against pngquant in CVE-2016-5735. Removed reference to the obsolete PNG_SAFE_LIMITS macro in the documentation. Version 1.6.30beta03 [May 22, 2017] @@ -44,7 +45,7 @@ Version 1.6.30beta03 [May 22, 2017] Test CMAKE_HOST_WIN32 instead of WIN32 in CMakeLists.txt. Fix some URL in documentation. -Version 1.6.30beta04 [May 22, 2017] +Version 1.6.30beta04 [May 24, 2017] Send comments/corrections/commendations to png-mng-implement at lists.sf.net (subscription required; visit diff --git a/CHANGES b/CHANGES index 4baba8569..6fc73ee40 100644 --- a/CHANGES +++ b/CHANGES @@ -5830,7 +5830,8 @@ Version 1.6.30beta01 [April 1, 2017] Version 1.6.30beta02 [April 22, 2017] Document need to check for integer overflow when allocating a pixel buffer for multiple rows in contrib/gregbook, contrib/pngminus, - example.c, and in the manual (suggested by Jaeseung Choi). + example.c, and in the manual (suggested by Jaeseung Choi). This + is similar to the bug reported against pngquant in CVE-2016-5735. Removed reference to the obsolete PNG_SAFE_LIMITS macro in the documentation. Version 1.6.30beta03 [May 22, 2017] @@ -5839,7 +5840,7 @@ Version 1.6.30beta03 [May 22, 2017] Test CMAKE_HOST_WIN32 instead of WIN32 in CMakeLists.txt. Fix some URL in documentation. -Version 1.6.30beta04 [May 22, 2017] +Version 1.6.30beta04 [May 24, 2017] Send comments/corrections/commendations to png-mng-implement at lists.sf.net (subscription required; visit diff --git a/intel/filter_sse2_intrinsics.c b/intel/filter_sse2_intrinsics.c index 2534391c8..b91d8da96 100644 --- a/intel/filter_sse2_intrinsics.c +++ b/intel/filter_sse2_intrinsics.c @@ -5,7 +5,7 @@ * Written by Mike Klein and Matt Sarett * Derived from arm/filter_neon_intrinsics.c * - * Last changed in libpng 1.6.29 [(PENDING RELEASE)] + * Last changed in libpng 1.6.29 [March 16, 2017] * * This code is released under the libpng license. * For conditions of distribution and use, see the disclaimer diff --git a/intel/intel_init.c b/intel/intel_init.c index 4472a9367..8f08baf8c 100644 --- a/intel/intel_init.c +++ b/intel/intel_init.c @@ -5,7 +5,7 @@ * Written by Mike Klein and Matt Sarett, Google, Inc. * Derived from arm/arm_init.c * - * Last changed in libpng 1.6.29 [(PENDING RELEASE)] + * Last changed in libpng 1.6.29 [March 16, 2017] * * This code is released under the libpng license. * For conditions of distribution and use, see the disclaimer