Hello, Please hint libpng 1.2.13-4 (with udeb). It fixes CVE-2006-5793 and CVE-2006-3334. The new changelog entries (not in etch) are: libpng (1.2.13-4) unstable; urgency=low * Removed drop_pass_width patch. Closes: #399499. libpng (1.2.13-3) unstable; urgency=low * libpng12-dev: removed the conflict with libpng3-dev. libpng (1.2.13-2) unstable; urgency=low * Put back binary package libpng3. libpng (1.2.13-1) unstable; urgency=low * Fixed conflict with the new libpng package. Closes: #399296. * Fixed png.5 man page formatting. Closes: #353061. Patch by Kevin Ryde <user42@zip.com.au>. libpng (1.2.13-0) unstable; urgency=high * New upstream release. * CVE-2006-5793: Fixed a new security issue regarding malformed sPLT chunks. Closes: #398706. * Transitional package libpng3 is not shipped anymore. Closes: #369104. libpng (1.2.12-0) unstable; urgency=high * New upstream release. Closes: #366070. * CVE-2006-3334: Fixed Buffer overflow in the png_decompress_chunk function in pngrutil.c in libpng before 1.2.12 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors related to "chunk error processing," possibly involving the "chunk_name". Closes: #397892. * Removed debian/x86_patches/pnggccrd-PIC.patch as it's merged upstream. Best Regards, Aníbal Monsalve Salazar -- http://v7w.com/anibal
Attachment:
signature.asc
Description: Digital signature