[devel] Fixed 1-byte uninitialized memory reference in png_format_buffer()

(Bug report by Frank Busse, related to CVE-2004-0421).
diff --git a/CHANGES b/CHANGES
index 37b71b1..41214cc 100644
--- a/CHANGES
+++ b/CHANGES
@@ -3386,7 +3386,9 @@
   Added memory overwrite and palette image checks to pngvalid.c
     Previously palette image code was poorly checked. Since the transformation
     code has a special palette path in most cases this was a severe weakness.
-  Minor cleanup and some extra checking in pngrutil.c and pngrtran.c
+  Minor cleanup and some extra checking in pngrutil.c and pngrtran.c. When
+    expanding an indexed image, always expand to RGBA if transparency is
+    present.
 
 Version 1.5.3beta09 [May 17, 2011]
   Reversed earlier 1.5.3 change of transformation order; move png_expand_16
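Review bot: the reworded pngrutil.c/pngrtran.c line sits in the section above the "Version 1.5.3beta09 [May 17, 2011]" heading, so it edits the notes of an earlier beta. It also records a behaviour change ("always expand to RGBA if transparency is present") that the commit subject does not mention. Either list it under the new 1.5.3rc02 entry or state in the commit message that this is a retroactive correction of the earlier notes, so the history of the indexed-image expansion change stays unambiguous.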
@@ -3411,6 +3413,10 @@
 Version 1.5.3rc01 [June 3, 2011]
   No changes.
 
+Version 1.5.3rc02 [June 7, 2011]
+  Fixed 1-byte uninitialized memory reference in png_format_buffer() (Bug
+    report by Frank Busse, related to CVE-2004-0421).
+
 Send comments/corrections/commendations to png-mng-implement at lists.sf.net
 (subscription required; visit
 https://lists.sourceforge.net/lists/listinfo/png-mng-implement
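Review bot: the new 1.5.3rc02 entry says "1-byte uninitialized memory reference" in png_format_buffer() without stating whether the access is a read or a write, what condition triggers it, or how it relates to CVE-2004-0421 beyond "related to". The neighbouring entries name the files they touch (pngvalid.c, pngrutil.c, pngrtran.c); this one should name its source file as well and say whether the earlier CVE fix was incomplete or this is a separate issue in the same function, since packagers will read this line to decide whether rc02 is a security update. Only the CHANGES hunks are visible here, so the code change itself cannot be checked against this description.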