Re: please approve / unblock libpng/1.2.35-1 (it has a udeb)
Otavio Salvador wrote:
> Aníbal Monsalve Salazar <anibal@debian.org> writes:
>
>> please approve / unblock libpng/1.2.35-1
>
>> Closes: 486415 516256
>> Changes:
>> libpng (1.2.35-1) unstable; urgency=high
>> .
>> * New upstream release
>> - http://secunia.com/advisories/33970/
>> Fix a vulnerability reported by Tavis Ormandy in which
>> some arrays of pointers are not initialized prior to using
>> "malloc" to define the pointers.
>> Closes: #516256
>> - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5907
>> The png_check_keyword function in pngwutil.c in libpng, might
>> allow context-dependent attackers to set the value of an
>> arbitrary memory location to zero via vectors involving
>> creation of crafted PNG files with keywords, related to an
>> implicit cast of the '\0' character constant to a NULL pointer.
>> * Don't build libpng3 when binary-indep target is not called.
>> Closes: #486415
>
> Ack.
unblocked
Cheers
Luk
Reply to: