Hello,
Please hint libpng 1.2.13-4 (with udeb). It fixes CVE-2006-5793
and CVE-2006-3334.
The new changelog entries (not in etch) are:
libpng (1.2.13-4) unstable; urgency=low
* Removed drop_pass_width patch. Closes: #399499.
libpng (1.2.13-3) unstable; urgency=low
* libpng12-dev: removed the conflict with libpng3-dev.
libpng (1.2.13-2) unstable; urgency=low
* Put back binary package libpng3.
libpng (1.2.13-1) unstable; urgency=low
* Fixed conflict with the new libpng package. Closes: #399296.
* Fixed png.5 man page formatting. Closes: #353061.
Patch by Kevin Ryde <user42@zip.com.au>.
libpng (1.2.13-0) unstable; urgency=high
* New upstream release.
* CVE-2006-5793: Fixed a new security issue regarding malformed
sPLT chunks. Closes: #398706.
* Transitional package libpng3 is not shipped anymore.
Closes: #369104.
libpng (1.2.12-0) unstable; urgency=high
* New upstream release. Closes: #366070.
* CVE-2006-3334: Fixed Buffer overflow in the png_decompress_chunk
function in pngrutil.c in libpng before 1.2.12 allows
context-dependent attackers to cause a denial of service and
possibly execute arbitrary code via unspecified vectors related
to "chunk error processing," possibly involving the "chunk_name".
Closes: #397892.
* Removed debian/x86_patches/pnggccrd-PIC.patch as it's merged
upstream.
Best Regards,
Aníbal Monsalve Salazar
--
http://v7w.com/anibal
Attachment:
signature.asc
Description: Digital signature