[libpng17] Updated CHANGES and ANNOUNCE
diff --git a/ANNOUNCE b/ANNOUNCE
index f8f0e21..418c4eb 100644
--- a/ANNOUNCE
+++ b/ANNOUNCE
@@ -1,5 +1,5 @@
-Libpng 1.7.0beta71 - December 3, 2015
+Libpng 1.7.0beta71 - December 5, 2015
This is not intended to be a public release. It will be replaced
within a few weeks by a public version or by another test version.
@@ -1060,7 +1060,8 @@
Removed the side-effect on the png_struct palette of calling png_set_PLTE()
or png_set_tRNS(). This is a quiet API change; it was previously possible
to alter the palette on a PNG image by using png_set_PLTE, but this was
- unintended and inconsistent with the other png_set APIs.
+ unintended and inconsistent with the other png_set APIs. This fixes
+ CVE-2015-8472.
Fixed a bug in palette index checking; png_struct::num_palette could, in
principle, get changed by the transformations (e.g. png_set_quantize)
and this would invalidate the check. The palette checking init function
@@ -1071,7 +1072,12 @@
In particular an abort as a result of a bogus colorspace information
(gAMA, cHRM, sBIT etc) prevents the write of the PLTE chunk.
-Version 1.7.0beta71 [December 3, 2015]
+Version 1.7.0beta71 [December 5, 2015]
+ Implemented new filter selection heuristic.
+ Attempted to make the selection options more intuitive.
+ Fixed a build break in no-write-filters cases.
+ Re-applied some recent patches to libpng17beta70 that were
+ accidentally lost while publishing the beta70 tar distribution.
Send comments/corrections/commendations to png-mng-implement at lists.sf.net
(subscription required; visit
diff --git a/CHANGES b/CHANGES
index 6166f84..587f4c8 100644
--- a/CHANGES
+++ b/CHANGES
@@ -5359,7 +5359,8 @@
Removed the side-effect on the png_struct palette of calling png_set_PLTE()
or png_set_tRNS(). This is a quiet API change; it was previously possible
to alter the palette on a PNG image by using png_set_PLTE, but this was
- unintended and inconsistent with the other png_set APIs.
+ unintended and inconsistent with the other png_set APIs. This fixes
+ CVE-2015-8472.
Fixed a bug in palette index checking; png_struct::num_palette could, in
principle, get changed by the transformations (e.g. png_set_quantize)
and this would invalidate the check. The palette checking init function
@@ -5370,9 +5371,13 @@
In particular an abort as a result of a bogus colorspace information
(gAMA, cHRM, sBIT etc) prevents the write of the PLTE chunk.
-Version 1.7.0beta71 [December 3, 2015]
-
-Send comments/corrections/commendations to png-mng-implement at lists.sf.net
+Version 1.7.0beta71 [December 5, 2015]
+ Implemented new filter selection heuristic.
+ Attempted to make the selection options more intuitive.
+ Fixed a build break in no-write-filters cases.
+ Re-applied some recent patches to libpng17beta70 that were
+ accidentally lost while publishing the beta70 tar distribution.
+
(subscription required; visit
https://lists.sourceforge.net/lists/listinfo/png-mng-implement
to subscribe)