libpng - several vulnerabilities

Several vulnerabilities have been discovered in libpng, a library for
reading and writing PNG files. The Common Vulnerabilities and
Exposures project identifies the following problems:

• CVE-2007-2445
  The png_handle_tRNS function allows attackers to cause a denial of service
  (application crash) via a grayscale PNG image with a bad tRNS chunk CRC value.
• CVE-2007-5269
  Certain chunk handlers allow attackers to cause a denial of service (crash)
  via crafted pCAL, sCAL, tEXt, iTXt, and ztXT chunking in PNG images, which
  trigger out-of-bounds read operations.
• CVE-2008-1382
  libpng allows context-dependent attackers to cause a denial of service
  (crash) and possibly execute arbitrary code via a PNG file with zero
  length “unknown” chunks, which trigger an access of uninitialized
  memory.
• CVE-2008-5907
  The png_check_keyword might allow context-dependent attackers to set the
  value of an arbitrary memory location to zero via vectors involving
  creation of crafted PNG files with keywords.
• CVE-2008-6218
  A memory leak in the png_handle_tEXt function allows context-dependent
  attackers to cause a denial of service (memory exhaustion) via a crafted
  PNG file.
• CVE-2009-0040
  libpng allows context-dependent attackers to cause a denial of service
  (application crash) or possibly execute arbitrary code via a crafted PNG
  file that triggers a free of an uninitialized pointer in (1) the
  png_read_png function, (2) pCAL chunk handling, or (3) setup of 16-bit
  gamma tables.

For the old stable distribution (etch), these problems have been fixed
in version 1.2.15~beta5-1+etch2.

For the stable distribution (lenny), these problems have been fixed in
version 1.2.27-2+lenny2. (Only CVE-2008-5907, CVE-2008-5907 and
CVE-2009-0040 affect the stable distribution.)

For the unstable distribution (sid), these problems have been fixed in
version 1.2.35-1.

We recommend that you upgrade your libpng packages.