summaryrefslogtreecommitdiffstats
path: root/media/libpng/ANNOUNCE
blob: ecf9c7043b092dcd71ee406794e2fcc6c2be3cb8 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
libpng 1.6.37 - April 14, 2019
==============================

This is a public release of libpng, intended for use in production code.


Files available for download
----------------------------

Source files with LF line endings (for Unix/Linux):

 * libpng-1.6.37.tar.xz (LZMA-compressed, recommended)
 * libpng-1.6.37.tar.gz

Source files with CRLF line endings (for Windows):

 * lp1637.7z (LZMA-compressed, recommended)
 * lp1637.zip

Other information:

 * README.md
 * LICENSE.md
 * AUTHORS.md
 * TRADEMARK.md


Changes since the previous public release (version 1.6.36)
----------------------------------------------------------

 * Fixed a use-after-free vulnerability (CVE-2019-7317) in png_image_free.
 * Fixed a memory leak in the ARM NEON implementation of png_do_expand_palette.
 * Fixed a memory leak in pngtest.c.
 * Fixed two vulnerabilities (CVE-2018-14048, CVE-2018-14550) in
   contrib/pngminus; refactor.
 * Changed the license of contrib/pngminus to MIT; refresh makefile and docs.
   (Contributed by Willem van Schaik)
 * Fixed a typo in the libpng license v2.
   (Contributed by Miguel Ojeda)
 * Added makefiles for AddressSanitizer-enabled builds.
 * Cleaned up various makefiles.


Send comments/corrections/commendations to png-mng-implement at lists.sf.net.
Subscription is required; visit
https://lists.sourceforge.net/lists/listinfo/png-mng-implement
to subscribe.