This is the mail archive of the cygwin mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

[ANNOUNCEMENT] Updated: libpng-1.2.8-2, libpng12-1.2.8-2, libpng12-devel-1.2.8-2, libpng10-1.0.18-2, libpng10-devel-1.0.18-2


The libpng packages offer the standard libraries for manipulating PNG files, a turbo-studly lossless image format. This is a security update. See WARNING below.

libpng10-1.0.18-2
libpng10-devel-1.0.18-2

libpng-1.2.8-2
libpng12-1.2.8-2
libpng12-devel-1.2.8-2

CHANGES:
+  Version management handled by update-alternatives instead of
   homegrown postinstall scripts.

1.2.x series:
-----
+ routine version update
  + fixes the following security advisories (present in 1.2.5-4)
    # CERT VU#388984 (CVE CAN-2004-0597) (this is the serious one!)
    # CERT VU#160448 (CVE CAN-2004-0599)
    # CERT VU#236656 (CVE CAN-2004-0598)
    # CERT VU#286464 (CVE CAN-2004-0599)
    # CERT VU#477512 (CVE CAN-2004-0599)
    # CERT VU#817368 (CVE CAN-2004-0597)
  + is not affected by "invalid zlib header" problem introduced
    in version 1.2.6
  + is not affected by "stripping alpha channel causes program crash"
    issue present in versions 1.2.6 and 1.2.7

1.0.x series:
-----
+ routine version update
  + fixes the following security advisories (present in 1.0.15-4)
    # CERT VU#388984 (CVE CAN-2004-0597) (this is the serious one!)
    # CERT VU#160448 (CVE CAN-2004-0599)
    # CERT VU#236656 (CVE CAN-2004-0598)
    # CERT VU#286464 (CVE CAN-2004-0599)
    # CERT VU#477512 (CVE CAN-2004-0599)
    # CERT VU#817368 (CVE CAN-2004-0597)
  + is not affected by "invalid zlib header" problem introduced
    in version 1.0.16
  + is not affected by "stripping alpha channel causes program crash"
    issue present in versions 1.0.16 and 1.0.17

WARNING:
----------
Because the 1.2.5-4/1.0.15-4 packages did NOT include preremove scripts, the new postinstall scripts which use update-alternatives may fail to "take ownership" of the generic (unversioned) symlinks. It may be necessary for the site administrator to issue the following commands (after installing this update), to remove the old unversioned symbolic links and allow update-alternatives to recreate (and own) them:


   rm -f /usr/bin/libpng-config
   rm -f /usr/lib/libpng.a
   rm -f /usr/lib/libpng.dll.a
   rm -f /usr/lib/pkgconfig/libpng.pc
   rm -f /usr/include/libpng
   rm -f /usr/include/png.h
   rm -f /usr/include/pngconf.h

/usr/sbin/update-alternatives --auto libpng

See /usr/share/doc/Cygwin/libpngXX-devel.README for more information.

--
Charles Wilson
libpng volunteer maintainer for cygwin

To update your installation, click on the "Install Cygwin now" link on
the http://cygwin.com/ web page.  This downloads setup.exe to your
system.  Then, run setup and answer all of the questions.

*** CYGWIN-ANNOUNCE UNSUBSCRIBE INFO ***

If you want to unsubscribe from the cygwin-announce mailing list, look
at the "List-Unsubscribe: " tag in the email header of this message.
Send email to the address specified there.  It will be in the format:

cygwin-announce-unsubscribe-you=yourdomain.com@cygwin.com

If you need more information on unsubscribing, start reading here:

http://sources.redhat.com/lists.html#unsubscribe-simple

Please read *all* of the information on unsubscribing that is available
starting at the above URL.





--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]