[libpng17] Added some CVE numbers to the January 2013 CHANGES and ANNOUNCE files
diff --git a/ANNOUNCE b/ANNOUNCE
index 57d1d8d..e35f5c9 100644
--- a/ANNOUNCE
+++ b/ANNOUNCE
@@ -1,5 +1,5 @@
-Libpng 1.7.0beta35 - April 6, 2014
+Libpng 1.7.0beta35 - April 10, 2014
This is not intended to be a public release. It will be replaced
within a few weeks by a public version or by another test version.
@@ -112,7 +112,9 @@
programs to generate and test a PNG which should have the problem.
Version 1.7.0alpha08 [January 17, 2013]
- Corrected previous attempt at overflow detection in png_set_unknown_chunks().
+ Corrected previous attempt at overflow detection in png_set_unknown_chunks()
+ (CVE-2013-7353). Added overflow detection in png_set_sPLT() and
+ png_set_text_2() (CVE-2013-7354).
Version 1.7.0alpha09 [January 21, 2013]
Pulled changes to multi-chunk handling from libpng-1.6.0beta40.
@@ -572,7 +574,7 @@
Changed ZlibSrcDir from 1.2.5 to 1.2.8 in projects/vstudio.
Moved configuration information from the manual to the INSTALL file.
-Version 1.7.0beta35 [April 6, 2014]
+Version 1.7.0beta35 [April 10, 2014]
Removed #if/#else/#endif from inside two pow() calls in pngvalid.c because
they were handled improperly by Portland Group's PGI-14.1 - PGI-14.3
when using its "__builtin_pow()" function.
diff --git a/CHANGES b/CHANGES
index f512ada..7c61b44 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4400,7 +4400,9 @@
programs to generate and test a PNG which should have the problem.
Version 1.7.0alpha08 [January 17, 2013]
- Corrected previous attempt at overflow detection in png_set_unknown_chunks().
+ Corrected previous attempt at overflow detection in png_set_unknown_chunks()
+ (CVE-2013-7353). Added overflow detection in png_set_sPLT() and
+ png_set_text_2() (CVE-2013-7354).
Version 1.7.0alpha09 [January 21, 2013]
Pulled changes to multi-chunk handling from libpng-1.6.0beta40.
@@ -4861,7 +4863,7 @@
Changed ZlibSrcDir from 1.2.5 to 1.2.8 in projects/vstudio.
Moved configuration information from the manual to the INSTALL file.
-Version 1.7.0beta35 [April 6, 2014]
+Version 1.7.0beta35 [April 10, 2014]
Removed #if/#else/#endif from inside two pow() calls in pngvalid.c because
they were handled improperly by Portland Group's PGI-14.1 - PGI-14.3
when using its "__builtin_pow()" function.