[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: please approve / unblock libpng/1.2.35-1 (it has a udeb)

Otavio Salvador wrote:
> Aníbal Monsalve Salazar <anibal@debian.org> writes:
> 
>> please approve / unblock libpng/1.2.35-1
> 
>> Closes: 486415 516256
>> Changes: 
>>  libpng (1.2.35-1) unstable; urgency=high
>>  .
>>    * New upstream release
>>      - http://secunia.com/advisories/33970/
>>        Fix a vulnerability reported by Tavis Ormandy in which
>>        some arrays of pointers are not initialized prior to using
>>        "malloc" to define the pointers.
>>        Closes: #516256
>>      - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5907
>>        The png_check_keyword function in pngwutil.c in libpng, might
>>        allow context-dependent attackers to set the value of an
>>        arbitrary memory location to zero via vectors involving
>>        creation of crafted PNG files with keywords, related to an
>>        implicit cast of the '\0' character constant to a NULL pointer.
>>    * Don't build libpng3 when binary-indep target is not called.
>>      Closes: #486415
> 
> Ack.

unblocked

Cheers

Luk
Reply to: