
Re: please approve / unblock libpng/1.2.35-1 (it has a udeb)



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Aníbal Monsalve Salazar <anibal@debian.org> writes:

> please approve / unblock libpng/1.2.35-1
>
> Closes: 486415 516256
> Changes: 
>  libpng (1.2.35-1) unstable; urgency=high
>  .
>    * New upstream release
>      - http://secunia.com/advisories/33970/
>        Fix a vulnerability reported by Tavis Ormandy in which
>        some arrays of pointers are not initialized prior to using
>        "malloc" to define the pointers.
>        Closes: #516256
>      - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5907
>        The png_check_keyword function in pngwutil.c in libpng, might
>        allow context-dependent attackers to set the value of an
>        arbitrary memory location to zero via vectors involving
>        creation of crafted PNG files with keywords, related to an
>        implicit cast of the '\0' character constant to a NULL pointer.
>    * Don't build libpng3 when binary-indep target is not called.
>      Closes: #486415

Ack.

- -- 
        O T A V I O    S A L V A D O R
- ---------------------------------------------
 E-mail: otavio@debian.org      UIN: 5906116
 GNU/Linux User: 239058     GPG ID: 49A5F855
 Home Page: http://otavio.ossystems.com.br
- ---------------------------------------------
"Microsoft sells you Windows ... Linux gives
 you the whole house."
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Processed by Mailcrypt 3.5.8+ <http://mailcrypt.sourceforge.net/>

iEYEARECAAYFAkmi4BUACgkQLqiZQEml+FX/WACfX4WvNGG3JLZb4dJcGtShPdtv
8vUAn1Ggh3+OQzBJSKjvEHF5vugnewjx
=41YI
-----END PGP SIGNATURE-----

