Hello community, here is the log from the commit of package libpng12 for openSUSE:Factory checked in at 2015-12-09 19:33:30 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/libpng12 (Old) and /work/SRC/openSUSE:Factory/.libpng12.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "libpng12" Changes: -------- --- /work/SRC/openSUSE:Factory/libpng12/libpng12.changes 2015-11-24 22:30:54.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.libpng12.new/libpng12.changes 2015-12-09 19:33:32.000000000 +0100 @@ -1,0 +2,10 @@ +Thu Dec 3 15:21:37 UTC 2015 - pgajdos@suse.com + +- updated to 1.2.55: + Avoid potential pointer overflow in png_handle_iTXt(), png_handle_zTXt(), + png_handle_sPLT(), and png_handle_pCAL() (Bug report by John Regehr). + Fixed incorrect implementation of png_set_PLTE() that uses png_ptr + not info_ptr, that left png_set_PLTE() open to the CVE-2015-8126 + vulnerability. + +------------------------------------------------------------------- Old: ---- libpng-1.2.54.tar.xz New: ---- libpng-1.2.55.tar.xz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libpng12.spec ++++++ --- /var/tmp/diff_new_pack.T6SamA/_old 2015-12-09 19:33:33.000000000 +0100 +++ /var/tmp/diff_new_pack.T6SamA/_new 2015-12-09 19:33:33.000000000 +0100 @@ -19,7 +19,7 @@ # %define major 1 %define minor 2 -%define micro 54 +%define micro 55 %define branch %{major}%{minor} %define libname libpng%{branch}-0 ++++++ libpng-1.2.54.tar.xz -> libpng-1.2.55.tar.xz ++++++ ++++ 34947 lines of diff (skipped)