Debian Bug report logs -
#633871
Three security issues
Reported by: Moritz Muehlenhoff <muehlenhoff@univention.de>
Date: Thu, 14 Jul 2011 15:36:01 UTC
Severity: grave
Tags: security
Fixed in versions libpng/1.2.46-1, libpng/1.5.4-1, libpng/1.2.44-1+squeeze1
Done: Nobuhiro Iwamatsu <iwamatsu@debian.org>
Bug is archived. No further changes may be made.
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, team@security.debian.org, Anibal Monsalve Salazar <anibal@debian.org>:
Bug#633871; Package libpng.
(Thu, 14 Jul 2011 15:36:04 GMT) (full text, mbox, link).
Acknowledgement sent
to Moritz Muehlenhoff <muehlenhoff@univention.de>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, Anibal Monsalve Salazar <anibal@debian.org>.
(Thu, 14 Jul 2011 15:36:04 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Package: libpng
Severity: grave
Tags: security
Three security issues have been reported in libpng. Please see
the following links to CVE IDs and Red Hat bugzilla:
1. buffer overwrite in png_rgb_to_gray
CVE: CVE-2011-2690
Reference: https://bugzilla.redhat.com/show_bug.cgi?id=720607
2. Crash in png_default_error due to use of NULL Pointer
CVE: CVE-2011-2691
Reference: https://bugzilla.redhat.com/show_bug.cgi?id=720608
3. Memory corruption when handling empty sCAL chunks
CVE: CVE-2011-2692
Reference: https://bugzilla.redhat.com/show_bug.cgi?id=720612
Cheers,
Moritz
Reply sent
to Nobuhiro Iwamatsu <iwamatsu@debian.org>:
You have taken responsibility.
(Fri, 15 Jul 2011 03:36:03 GMT) (full text, mbox, link).
Notification sent
to Moritz Muehlenhoff <muehlenhoff@univention.de>:
Bug acknowledged by developer.
(Fri, 15 Jul 2011 03:36:03 GMT) (full text, mbox, link).
Message #10 received at 633871-close@bugs.debian.org (full text, mbox, reply):
Source: libpng
Source-Version: 1.2.46-1
We believe that the bug you reported is fixed in the latest version of
libpng, which is due to be installed in the Debian FTP archive:
libpng12-0-udeb_1.2.46-1_amd64.udeb
to main/libp/libpng/libpng12-0-udeb_1.2.46-1_amd64.udeb
libpng12-0_1.2.46-1_amd64.deb
to main/libp/libpng/libpng12-0_1.2.46-1_amd64.deb
libpng12-dev_1.2.46-1_amd64.deb
to main/libp/libpng/libpng12-dev_1.2.46-1_amd64.deb
libpng3_1.2.46-1_all.deb
to main/libp/libpng/libpng3_1.2.46-1_all.deb
libpng_1.2.46-1.debian.tar.bz2
to main/libp/libpng/libpng_1.2.46-1.debian.tar.bz2
libpng_1.2.46-1.dsc
to main/libp/libpng/libpng_1.2.46-1.dsc
libpng_1.2.46.orig.tar.gz
to main/libp/libpng/libpng_1.2.46.orig.tar.gz
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 633871@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Nobuhiro Iwamatsu <iwamatsu@debian.org> (supplier of updated libpng package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Fri, 15 Jul 2011 11:47:49 +0900
Source: libpng
Binary: libpng12-0 libpng12-dev libpng3 libpng12-0-udeb
Architecture: source all amd64
Version: 1.2.46-1
Distribution: unstable
Urgency: high
Maintainer: Anibal Monsalve Salazar <anibal@debian.org>
Changed-By: Nobuhiro Iwamatsu <iwamatsu@debian.org>
Description:
libpng12-0 - PNG library - runtime
libpng12-0-udeb - PNG library - minimal runtime library (udeb)
libpng12-dev - PNG library - development
libpng3 - PNG library - runtime
Closes: 633871
Changes:
libpng (1.2.46-1) unstable; urgency=high
.
* New upstream release (Closes: #633871).
- Fix CVE: CVE-2011-2690
Buffer overwrite in png_rgb_to_gray
- CVE: CVE-2011-2691
Crash in png_default_error due to use of NULL Pointer
- CVE: CVE-2011-2692
Memory corruption when handling empty sCAL chunks
- Update patches/01-legacy.patch
- Remove patches/02-632786-CVE-2011-2501.patch. Applied to upstream.
Checksums-Sha1:
990f102856b290e09f01baf00dc52a001a03c152 1813 libpng_1.2.46-1.dsc
d5f3a2439b0b6d85a26499b2be09918eb54ea13a 831390 libpng_1.2.46.orig.tar.gz
fdba7547b33f919f220a5ad828f85c0a089bc586 15295 libpng_1.2.46-1.debian.tar.bz2
120f48da8861a6c209baa21b28ea78250f2f5a27 906 libpng3_1.2.46-1_all.deb
b162d1e97fcd08c4eb91f78fc1570972878d2d98 181064 libpng12-0_1.2.46-1_amd64.deb
49f4468e8626b8fabe914f1c725381bc783494d6 273192 libpng12-dev_1.2.46-1_amd64.deb
5e1a13a441d59a502af1df1751082e6d31f47860 74020 libpng12-0-udeb_1.2.46-1_amd64.udeb
Checksums-Sha256:
014a320ba36a7eef270c2c89f2889cacfe267ab830d6817f950d3bfb18ebe448 1813 libpng_1.2.46-1.dsc
3d8fd4c88d19b7fcf981e9d9adad9195e1a1cfbb7bcb9e76a2bd602d6e3ae781 831390 libpng_1.2.46.orig.tar.gz
94a633ca818bca8a298aeb02ccbef9597911b8b4ae381895d3eb972f186c72a6 15295 libpng_1.2.46-1.debian.tar.bz2
3f410cc8dd8088837966657f5fffd64ca79e2e1e344a4fca8551fcb4a12a0c86 906 libpng3_1.2.46-1_all.deb
85676ad64c60b21b42900295415461f5e18403fdfe8475bdafe5b47e301633db 181064 libpng12-0_1.2.46-1_amd64.deb
613bc1476a3cb35e416a59c62caffc45be6012d64b7133970a6a9dabd9cbad6e 273192 libpng12-dev_1.2.46-1_amd64.deb
2499121411ea74646f53233ccd881d9473a8771c9dda6c948d344f621ab799be 74020 libpng12-0-udeb_1.2.46-1_amd64.udeb
Files:
f284b2268a75261dd27359d571a43fd2 1813 libs optional libpng_1.2.46-1.dsc
03ddfc17ad321db93f984581e9415d22 831390 libs optional libpng_1.2.46.orig.tar.gz
5f1fb3ed312b15be25df452af03e36cb 15295 libs optional libpng_1.2.46-1.debian.tar.bz2
d0de6bb21f110d2a60de9337a781b47c 906 oldlibs optional libpng3_1.2.46-1_all.deb
0b5de44372009ce2f8dd7bb6ed843dea 181064 libs optional libpng12-0_1.2.46-1_amd64.deb
8d31c01b661b7287aae8cde1691c5df5 273192 libdevel optional libpng12-dev_1.2.46-1_amd64.deb
5a9e25f1e566de14d826a5bdbd9aa3a6 74020 debian-installer extra libpng12-0-udeb_1.2.46-1_amd64.udeb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iQIcBAEBCAAGBQJOH7CZAAoJEDIkf7tArR+m2s0QAImjd73h/USu6itNv00drTip
fqRdzaiqz1Oepj7j0miQ4tlk3MOYcaIaNxINIycWfNMGfodyzJ229u8L2Z+11bfm
Cglf6HpYQb2gQ9P1xmUV1GX/QMlvzuHB+zCMk73y5m5thR805rQHHZTCt++5o83c
HcE5ORlYnmLF6J8kuga+NHIxRJN9KuWjVOB71x3fs+gxe7quFygdP3jiEtPKcWho
aoMlLhM27oYt+eFUPoOiogNDOMYwFg7nRJVM85Y/olQUKlWN6dJ9eWoBPoEtqIm9
A+c30nHmi2jEkdSsi9KW7/ijuY3y7qWZU2fleZ6KLrT2d1Etnd9wVedHs9fvagVL
bC5xFul1egi0vrze00nHo61tg9RAVJTDbzrwHhah0sGYhlI84MxsiG4xwZPgV8/a
2rA7CWVbKB8K9zbZtdEkqqF/BQcHWqBGIWW0t35aAKk3ZDYWQOiIUNOd5uHyvSty
xG+2LcTrqB6Fl5VaHnzY9rHKuWoJXYQ71J90RRYjM9a7GBWKZuFaQSRuWs6X1uKB
V+L1ptUqCJ9qIupAaZstlHAwf/qH6bUQQHNSDbTA6X+1CG9sZOr7GkAPwCp5ISMS
gcsQPtoGm0Lx+BDst1FYPoyr5SxQb5RbkyaYAMaHlI9qexrjOKRkPpLNXDvxvcr3
b98/pQmH8JA4ztd7Js1q
=R1lH
-----END PGP SIGNATURE-----
Reply sent
to Nobuhiro Iwamatsu <iwamatsu@debian.org>:
You have taken responsibility.
(Fri, 15 Jul 2011 03:36:05 GMT) (full text, mbox, link).
Notification sent
to Moritz Muehlenhoff <muehlenhoff@univention.de>:
Bug acknowledged by developer.
(Fri, 15 Jul 2011 03:36:05 GMT) (full text, mbox, link).
Message #15 received at 633871-close@bugs.debian.org (full text, mbox, reply):
Source: libpng
Source-Version: 1.5.4-1
We believe that the bug you reported is fixed in the latest version of
libpng, which is due to be installed in the Debian FTP archive:
libpng-dev_1.5.4-1_amd64.deb
to main/libp/libpng/libpng-dev_1.5.4-1_amd64.deb
libpng15-15-udeb_1.5.4-1_amd64.udeb
to main/libp/libpng/libpng15-15-udeb_1.5.4-1_amd64.udeb
libpng15-15_1.5.4-1_amd64.deb
to main/libp/libpng/libpng15-15_1.5.4-1_amd64.deb
libpng_1.5.4-1.debian.tar.bz2
to main/libp/libpng/libpng_1.5.4-1.debian.tar.bz2
libpng_1.5.4-1.dsc
to main/libp/libpng/libpng_1.5.4-1.dsc
libpng_1.5.4.orig.tar.gz
to main/libp/libpng/libpng_1.5.4.orig.tar.gz
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 633871@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Nobuhiro Iwamatsu <iwamatsu@debian.org> (supplier of updated libpng package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Fri, 15 Jul 2011 12:01:42 +0900
Source: libpng
Binary: libpng15-15 libpng-dev libpng15-15-udeb
Architecture: source amd64
Version: 1.5.4-1
Distribution: experimental
Urgency: low
Maintainer: Anibal Monsalve Salazar <anibal@debian.org>
Changed-By: Nobuhiro Iwamatsu <iwamatsu@debian.org>
Description:
libpng-dev - PNG library - development
libpng15-15 - PNG library - runtime
libpng15-15-udeb - PNG library - minimal runtime library (udeb)
Closes: 633871
Changes:
libpng (1.5.4-1) experimental; urgency=low
.
* New upstream release (Closes: #633871).
- Fix CVE: CVE-2011-2690
Buffer overwrite in png_rgb_to_gray
- CVE: CVE-2011-2691
Crash in png_default_error due to use of NULL Pointer
- CVE: CVE-2011-2692
Memory corruption when handling empty sCAL chunks
- Remove patches/02-632786-CVE-2011-2501.patch. Applied to upstream.
Checksums-Sha1:
ffcf1b0d56debc90c93b425388bfb13c276a34c2 1771 libpng_1.5.4-1.dsc
3ff340169a74b40b299b491009f210bf5b312475 1019446 libpng_1.5.4.orig.tar.gz
15a012a8482587e70e8f376afdb94e3ae5d26191 14534 libpng_1.5.4-1.debian.tar.bz2
20bf6386cb271a541f6121b2b9cea351b003e171 166504 libpng15-15_1.5.4-1_amd64.deb
5eb7e50a67ad12d8cc9a27bf85df6be23963e2c3 295002 libpng-dev_1.5.4-1_amd64.deb
2c6cedbab9bced7b94af4af1c6acfc9067a53828 79642 libpng15-15-udeb_1.5.4-1_amd64.udeb
Checksums-Sha256:
917bfae0da0ba8b6e769c3154ec9bd00dfc1b5aaf9d85113d01ed22e41bdc182 1771 libpng_1.5.4-1.dsc
a5ccdbb70c72b48d0a90daaa1aebcb94997ec3f3a19a7f497f53dc50c88feaab 1019446 libpng_1.5.4.orig.tar.gz
b7dfa1ae719d95a71a8ce57adacb2350bd1b01a11e086bab52834dad258bf48b 14534 libpng_1.5.4-1.debian.tar.bz2
33d7eabf92a62d3ca8e91d6b88ffe5fa300eac99a0b0d2b163baf4c0ddf19ceb 166504 libpng15-15_1.5.4-1_amd64.deb
cbc4b060f4b0e5637ba69ea3680c6e65f2387484dd195a07ff3489eb19691357 295002 libpng-dev_1.5.4-1_amd64.deb
b32b749895fa2227a48e772d0947b45a3871f08691b9559f7dff445a48fcc190 79642 libpng15-15-udeb_1.5.4-1_amd64.udeb
Files:
5d39fa99b19302b59c36741e201d64bd 1771 libs optional libpng_1.5.4-1.dsc
dea4d1fd671160424923e92ff0cdda78 1019446 libs optional libpng_1.5.4.orig.tar.gz
f2856f74c9044117f1e143f520c85e53 14534 libs optional libpng_1.5.4-1.debian.tar.bz2
73bdeb0c585d15a4649415d13aee0564 166504 libs optional libpng15-15_1.5.4-1_amd64.deb
fd8be1a07f93837ef41e585c2f0cb076 295002 libdevel optional libpng-dev_1.5.4-1_amd64.deb
c0d63a2e0d7a146ff5f4a0f675891675 79642 debian-installer extra libpng15-15-udeb_1.5.4-1_amd64.udeb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iQIcBAEBCAAGBQJOH7EKAAoJEDIkf7tArR+mExQP+gIicFZrz+snOaUzkl9I7fZx
nbfvpDy4BGrnw8qUiISzUA+qHoTI5OloMprTQ4SVC2I/2h55nE+65XaXOikCw4k/
1B740uQJrf3rp07HeuyiXPcO5ggHRbuMnFl8FRcbMcyqM4/BEGld5vVGaZZtQjWR
Obs5MA0olZLXezBZYQT28xVO6Lfh4XxQ9HInpodw8IckZmBMDXGqXnD3pkLDPcA3
W+IlJ6+hwT/EUxjg7JApstZZX58aHz0caJ5D2q1/8I8LKffRwSDDnbitW/UrnWpi
m4JPdYo5kiI+kz3BsyPIi2SFMiv3rwNXD4zqHw/Q7DaTXPh+vBO78LNRcG0AT+ee
vFoqYB0IzZSlNU5i1iVSDMyL1omRMYzVSy9hXWIEW9WRrvF0Gf1j0gz6l3x7nVBY
bKD6a2toKchBdDAlRUZaz/HTarxa4aZjlb9dmTv3Ur0nnMFXhmK84oWPdZ85/UxR
d1XKAyH6lVxPe6CgIoC3vBypon7/F2QhikFBLId5/zdlvf6TMujje6yVvIahXo4x
UEKYn+LNBtL8VcxRDZMEwEwoQmBhihATY/2EDxBPL3MssnQAoElEZcEwjw0VcFCO
bTLCJ5MaBRE0Dkfc7tUVUQHeRv1finUIhm4IpodJp/PiGvZGgiebmk4RO90iFP+m
SKBHj56zeQ+IvMh57gir
=oats
-----END PGP SIGNATURE-----
Reply sent
to Nobuhiro Iwamatsu <iwamatsu@debian.org>:
You have taken responsibility.
(Fri, 29 Jul 2011 08:12:13 GMT) (full text, mbox, link).
Notification sent
to Moritz Muehlenhoff <muehlenhoff@univention.de>:
Bug acknowledged by developer.
(Fri, 29 Jul 2011 08:12:13 GMT) (full text, mbox, link).
Message #20 received at 633871-close@bugs.debian.org (full text, mbox, reply):
Source: libpng
Source-Version: 1.2.44-1+squeeze1
We believe that the bug you reported is fixed in the latest version of
libpng, which is due to be installed in the Debian FTP archive:
libpng12-0-udeb_1.2.44-1+squeeze1_amd64.udeb
to main/libp/libpng/libpng12-0-udeb_1.2.44-1+squeeze1_amd64.udeb
libpng12-0_1.2.44-1+squeeze1_amd64.deb
to main/libp/libpng/libpng12-0_1.2.44-1+squeeze1_amd64.deb
libpng12-dev_1.2.44-1+squeeze1_amd64.deb
to main/libp/libpng/libpng12-dev_1.2.44-1+squeeze1_amd64.deb
libpng3_1.2.44-1+squeeze1_all.deb
to main/libp/libpng/libpng3_1.2.44-1+squeeze1_all.deb
libpng_1.2.44-1+squeeze1.debian.tar.bz2
to main/libp/libpng/libpng_1.2.44-1+squeeze1.debian.tar.bz2
libpng_1.2.44-1+squeeze1.dsc
to main/libp/libpng/libpng_1.2.44-1+squeeze1.dsc
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 633871@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Nobuhiro Iwamatsu <iwamatsu@debian.org> (supplier of updated libpng package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Fri, 15 Jul 2011 13:06:17 +0900
Source: libpng
Binary: libpng12-0 libpng12-dev libpng3 libpng12-0-udeb
Architecture: source all amd64
Version: 1.2.44-1+squeeze1
Distribution: stable-security
Urgency: high
Maintainer: Anibal Monsalve Salazar <anibal@debian.org>
Changed-By: Nobuhiro Iwamatsu <iwamatsu@debian.org>
Description:
libpng12-0 - PNG library - runtime
libpng12-0-udeb - PNG library - minimal runtime library (udeb)
libpng12-dev - PNG library - development
libpng3 - PNG library - runtime
Closes: 632786 633871
Changes:
libpng (1.2.44-1+squeeze1) stable-security; urgency=high
.
* Apply upstream patch to 1-byte uninitialized memory reference in
png_format_buffer(). (Closes: #632786, CVE-2011-2501)
* Apply upstream patch to buffer overwrite in png_rgb_to_gray.
(Closes: #633871, CVE-2011-2690)
* Apply upstream patch to crash in png_default_error due to use of
NULL Pointer. (Closes: #633871, CVE-2011-2691)
* Apply upstream patch to memory corruption when handling empty sCAL chunks.
(Closes: #633871, CVE-2011-2692)
Checksums-Sha1:
45a8e4fc8eaf5f8dfc9853c3e0b7bf030541db3b 1220 libpng_1.2.44-1+squeeze1.dsc
07bd9d67c6e6076416a951451e1b05c2660e9d0d 657967 libpng_1.2.44.orig.tar.bz2
b5eaece6cb9f13b7d11d728d8d19dc66359d7a3f 16868 libpng_1.2.44-1+squeeze1.debian.tar.bz2
bcb490754b55519748d4ca3796afddebc08a10de 880 libpng3_1.2.44-1+squeeze1_all.deb
35db55d3d4d7c52fc3d6a18db676906f4e938cfa 180292 libpng12-0_1.2.44-1+squeeze1_amd64.deb
aabbdbef0b17f9372873bb244aedd5704c8f0c4f 271912 libpng12-dev_1.2.44-1+squeeze1_amd64.deb
9edf83d59877f7eebe6b728c8810da284c60ef95 73652 libpng12-0-udeb_1.2.44-1+squeeze1_amd64.udeb
Checksums-Sha256:
835250574e621c80944fe60450b959b2b7b72c7387832c85f4d98c36a89f1171 1220 libpng_1.2.44-1+squeeze1.dsc
b9ab20f1c2c3bf6c4448fd9bd8a4a8905b918114d5fada56c97bb758a17b7215 657967 libpng_1.2.44.orig.tar.bz2
55ad8e3c7bb798d5d9e1f5b699e2f486835760e0317c9253c41a1c5db2674af7 16868 libpng_1.2.44-1+squeeze1.debian.tar.bz2
07c686aa185d25be43d9799cf5ae9a62859e357db026a85fe8960ecfedae2660 880 libpng3_1.2.44-1+squeeze1_all.deb
347650a1fdc4795ee74e28d0320ab1989420af88693388077093363e328e54b4 180292 libpng12-0_1.2.44-1+squeeze1_amd64.deb
ba6ba8661767687e798919d1edbd1e023fa203295beddc4e9af71744669dbdac 271912 libpng12-dev_1.2.44-1+squeeze1_amd64.deb
c062c253e6483b06b353fe69a76ae70325e0db9125298009a57de0101d7c8e15 73652 libpng12-0-udeb_1.2.44-1+squeeze1_amd64.udeb
Files:
bd03fe299fc0e736b4305cad9f9f6900 1220 libs optional libpng_1.2.44-1+squeeze1.dsc
e3ac7879d62ad166a6f0c7441390d12b 657967 libs optional libpng_1.2.44.orig.tar.bz2
ca336993266703229b7734da741dde9f 16868 libs optional libpng_1.2.44-1+squeeze1.debian.tar.bz2
8078aad6ce639a863fa46dce21221b24 880 oldlibs optional libpng3_1.2.44-1+squeeze1_all.deb
3bad55f8ab41473f07de953d1f6a9b44 180292 libs optional libpng12-0_1.2.44-1+squeeze1_amd64.deb
8b8090de72a41f922617afe627b50df9 271912 libdevel optional libpng12-dev_1.2.44-1+squeeze1_amd64.deb
b1429ec2d57a1bfc432c6a0f99039eef 73652 debian-installer extra libpng12-0-udeb_1.2.44-1+squeeze1_amd64.udeb
Package-Type: udeb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iEYEARECAAYFAk4sytAACgkQQWTRs4lLtHl+pQCgjA7UWmWPY7AaXk8f+E2Whzrs
QOgAn0sv3l1QCeS4pVQaBrOLqEly3zUy
=UYDh
-----END PGP SIGNATURE-----
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Sun, 09 Oct 2011 07:36:16 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Wed Jun 19 15:37:05 2019;
Machine Name:
buxtehude
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.
Vulmon