Google Git
Sign in
skia / third_party / libpng / f3b1eb68a6edf0976ed2972ee7a46354669a5f66^! / .
commitf3b1eb68a6edf0976ed2972ee7a46354669a5f66[log] [tgz]
authorGlenn Randers-Pehrson <glennrp at users.sourceforge.net>Thu Apr 10 16:40:40 2014 -0500
committerGlenn Randers-Pehrson <glennrp at users.sourceforge.net>Thu Apr 10 16:40:40 2014 -0500
tree64ba2214405fae225f5cf290ceb923aa22e87586
parent12845bc94749b5d493908948475bb697ce03ef4e [diff]
[libpng17] Added some CVE numbers to the January 2013 CHANGES and ANNOUNCE files

diff --git a/ANNOUNCE b/ANNOUNCE
index 57d1d8d..e35f5c9 100644
--- a/ANNOUNCE
+++ b/ANNOUNCE

@@ -1,5 +1,5 @@
 
-Libpng 1.7.0beta35 - April 6, 2014
+Libpng 1.7.0beta35 - April 10, 2014
 
 This is not intended to be a public release.  It will be replaced
 within a few weeks by a public version or by another test version.
@@ -112,7 +112,9 @@
     programs to generate and test a PNG which should have the problem.
 
 Version 1.7.0alpha08 [January 17, 2013]
-  Corrected previous attempt at overflow detection in png_set_unknown_chunks().
+  Corrected previous attempt at overflow detection in png_set_unknown_chunks()
+  (CVE-2013-7353).  Added overflow detection in png_set_sPLT() and
+  png_set_text_2() (CVE-2013-7354).
 
 Version 1.7.0alpha09 [January 21, 2013]
   Pulled changes to multi-chunk handling from libpng-1.6.0beta40.
@@ -572,7 +574,7 @@
   Changed ZlibSrcDir from 1.2.5 to 1.2.8 in projects/vstudio.
   Moved configuration information from the manual to the INSTALL file.
 
-Version 1.7.0beta35 [April 6, 2014]
+Version 1.7.0beta35 [April 10, 2014]
   Removed #if/#else/#endif from inside two pow() calls in pngvalid.c because
     they were handled improperly by Portland Group's PGI-14.1 - PGI-14.3
     when using its "__builtin_pow()" function.

diff --git a/CHANGES b/CHANGES
index f512ada..7c61b44 100644
--- a/CHANGES
+++ b/CHANGES

@@ -4400,7 +4400,9 @@
     programs to generate and test a PNG which should have the problem.
 
 Version 1.7.0alpha08 [January 17, 2013]
-  Corrected previous attempt at overflow detection in png_set_unknown_chunks().
+  Corrected previous attempt at overflow detection in png_set_unknown_chunks()
+  (CVE-2013-7353).  Added overflow detection in png_set_sPLT() and
+  png_set_text_2() (CVE-2013-7354).
 
 Version 1.7.0alpha09 [January 21, 2013]
   Pulled changes to multi-chunk handling from libpng-1.6.0beta40.
@@ -4861,7 +4863,7 @@
   Changed ZlibSrcDir from 1.2.5 to 1.2.8 in projects/vstudio.
   Moved configuration information from the manual to the INSTALL file.
 
-Version 1.7.0beta35 [April 6, 2014]
+Version 1.7.0beta35 [April 10, 2014]
   Removed #if/#else/#endif from inside two pow() calls in pngvalid.c because
     they were handled improperly by Portland Group's PGI-14.1 - PGI-14.3
     when using its "__builtin_pow()" function.