News and History of the PNG Development Group from 2012
Herein lie news items and historical stuff primarily of interest to the
Portable Network Graphics Development Group itself. Feel free to poke
around even if you're not a member, though. Note that some of the links,
particularly the older ones, are broken; in some cases this is explained by
later entries. Other links (CompuServe, tcg.arl.mil) have fallen prey to
reorganizations or upgrades; should they ever reappear, the entries below
will be updated as needed.
Keep in mind that this is history here...
- current - see here
- 29 March 2012 - libpng 1.5.10 (and 1.4.11, 1.2.49, and 1.0.59) is
released with a fix for a serious memory-corruption bug (CVE-2011-3048)
in png_set_text_2(). (This bug also was first "reported" as part of a
Chromium release.)
- 18 February 2012 - libpng 1.5.9 (and 1.4.9, 1.2.47, and 1.0.57) is
released with a fix for a more serious buffer-overrun bug (CVE-2011-3026)
in png_decompress_chunk(), which affects 32-bit systems. (The bug, and a
fix for it, was first published as part of Chromium 19.0.1036.7.)
- 1 February 2012 - libpng 1.5.8 is released with a fix for a one-byte
buffer-overrun bug (CVE-2011-3464) in png_formatted_warning(). This can
cause a crash in certain cases (e.g., Apple apps compiled with
-fstack-protector), and it could conceivably result in execution of
hostile code, though no exploit is currently known to exist. The bug
appears to have been introduced in libpng 1.5.4.
- 29 January 2012 - zlib 1.2.6 is released with a number of new features
and improvements, particularly in the gz* convenience functions for gzip
streams and in the low-level deflate functions.
Last modified 29 March 2012.
Copyright © 1995-2012 Greg Roelofs.