News and History of the PNG Development Group from 2015
Herein lie news items and historical stuff primarily of interest to the
Portable Network Graphics Development Group itself.  Feel free to poke
around even if you're not a member, though.  Note that some of the links,
particularly the older ones, are broken; in some cases this is explained by
later entries.  Other links (CompuServe, tcg.arl.mil) have fallen prey to
reorganizations or upgrades; should they ever reappear, the entries below
will be updated as needed.
Keep in mind that this is history here...
   
   
    
- 17 December 2015 - libpng 1.5.26,
       1.4.19, 1.2.56, and 1.0.66 (all old branches)
       are released with a fix for an out-of-bounds read
       in png_check_keyword()
       (CVE-2015-8540).  The current branch
       (1.6.x) is not vulnerable to the bug.
   
    
- 3 December 2015 - libpng 1.6.20
       (and 1.5.25, 1.4.18, 1.2.55, and 1.0.65) is
       released with fixes for a potential pointer
       overflow/underflow in png_handle_sPLT()/png_handle_pCAL()
       (and in png_handle_iTXt()/png_handle_zTXt() in the older
       branches)
       and for a bug in the png_set_PLTE() implementation that left
       it open to the out-of-bounds write bug
       (CVE-2015-8126) that was supposed to
       have been fixed in the previous release.  It also fixes a bug in pngfix
       with regard to the handling of bad zlib CMINFO fields.  (Such PNG files
       cannot be fixed, so the impact of the bug was minor.)
   
    
- 12 November 2015 - libpng 1.6.19
       (and 1.5.24, 1.4.17, 1.2.54, and 1.0.64) is
       released with fixes for an out-of-bounds read in
       png_set_tIME()/png_convert_to_rfc1123()
       (CVE-2015-7981)
       and for an out-of-bounds write in
       png_get_PLTE()/png_set_PLTE()
       (CVE-2015-8126).  It also includes a
       huge number of code-quality fixes and improvements.
   
    
- 23 July 2015 - libpng 1.6.18 is
       released with a large number of cleanups, minor bugfixes, and a pair of
       new demo programs by John Bowler (contrib/examples/simpleover.c
       and contrib/examples/genpng.c), the former of which shows
       alpha-compositing of multiple images using the simplified API.
   
    
- 5 April 2015 - libpng 1.6.17 is
       released with a number of strengthened security-related checks, a fix
       for an incorrect alpha calculation in 8-bit-linear to sRGB conversion,
       some build/configure updates, etc.
Last modified 20 December 2016.
 
Copyright © 1995-2016 Greg Roelofs.