version 1.4.1beta01 [January 8, 2010] Updated CMakeLists.txt for consistent indentation and to avoid an unclosed if-statement warning (Philip Lowman). Revised Makefile.am and Makefile.in to remove references to Y2KINFO, KNOWNBUG, and libpng.la (Robert Schwebel). Revised the makefiles to install the same files and symbolic links as configure, except for libpng.la and libpng14.la. Make png_set|get_compression_buffer_size() available even when PNG_WRITE_SUPPORTED is not enabled. Revised Makefile.am and Makefile.in to simplify their maintenance. Revised scripts/makefile.linux to install a link to libpng14.so.14.1 version 1.4.1beta02 [January 9, 2010] Revised the rest of the makefiles to install a link to libpng14.so.14.1 version 1.4.1beta03 [January 10, 2010] Removed png_set_premultiply_alpha() from scripts/*.def version 1.4.1rc01 [January 16, 2010] No changes. version 1.4.1beta04 [January 23, 2010] Revised png_decompress_chunk() to improve speed and memory usage when decoding large chunks. Added png_set|get_chunk_malloc_max() functions. version 1.4.1beta05 [January 26, 2010] Relocated "int k" declaration in pngtest.c to minimize its scope. version 1.4.1beta06 [January 28, 2010] Revised png_decompress_chunk() to use a two-pass method suggested by John Bowler. version 1.4.1beta07 [February 6, 2010] Folded some long lines in the source files. Added defineable PNG_USER_CHUNK_CACHE_MAX, PNG_USER_CHUNK_MALLOC_MAX, and a PNG_USER_LIMITS_SUPPORTED flag. Eliminated use of png_ptr->irowbytes and reused the slot in png_ptr as png_ptr->png_user_chunk_malloc_max. Revised png_push_save_buffer() to do fewer but larger png_malloc() calls. version 1.4.1beta08 [February 6, 2010] Minor cleanup and updating of dates and copyright year. version 1.4.1beta09 [February 7, 2010] Reverted to original png_push_save_buffer() code. version 1.4.1beta10 [February 9, 2010] Return allocated "old_buffer" in png_push_save_buffer() before calling png_error(), to avoid a potential memory leak. version 1.4.1beta11 [February 12, 2010] Relocated misplaced closing curley bracket in png_decompress_chunk(). Removed unused "buffer_size" variable from png_decompress_chunk(). Removed the cbuilder5 project, which has not been updated to 1.4.0. Complete rewrite of two-pass png_decompress_chunk() by John Bowler. version 1.4.1beta12 [February 14, 2010] Fixed type declaration of png_get_user_malloc_max() in pngget.c (Daisuke Nishikawa) version 1.4.1rc02 [January 18, 2010] No changes. version 1.4.1rc03 [February 19, 2010] Noted in scripts/makefile.mingw that it expects to be run under MSYS. Removed obsolete unused MMX-querying support from contrib/gregbook Removed the AIX redefinition of jmpbuf in png.h Define _ALL_SOURCE in configure.ac, makefile.aix, and CMakeLists.txt when using AIX compiler. version 1.4.1rc04 [February 19, 2010] Removed unused gzio.c from contrib/pngminim gather and makefile scripts version 1.4.1 [February 25, 2010] Reproducible: Always Steps to Reproduce:
This bug might be a dupe of bug #307637 but since libpng-1.4.0 has no KEYWORDS currently I am not sure if security@g.o takes care of that version as well...
security does not cover masked packages at all, and they do glsa's only for non-stable packages 1.4.1 now in the tree