Mike Hommey <mh@glandium.org> Cc: team@security.debian.org, Sam Hocevar <sho@debian.org> On Sat, Dec 16, 2006 at 09:45:05PM +0100, Julien Cristau wrote: >On Sat, Dec 16, 2006 at 14:57:19 +0100, Andreas Barth wrote: >>Anibal, do you want to upload the package, or should I NMU it? I'll upload it. I'll check Julien's package first. >Hi, > >I've prepared a package based on 1.2.8rel-7, with a patch for >CVE-2006-5793. No other security issues seem to be mentioned in the sid >package's changelog, but let me know if I've missed something. >Source package at >http://liafa.jussieu.fr/~jcristau/debian/libpng/libpng_1.2.8rel-7.1.dsc >and debdiff from 1.2.8rel-7 at >http://liafa.jussieu.fr/~jcristau/debian/libpng/libpng_1.2.8rel-7.1.debdiff Thank you. >Cheers, >Julien Just for the record. The libpng security issues were communicated to the security team twice on Nov 9 and 15 2006. On Nov 15 2006 both vorlon and aba were made aware of the security problems. I didn't get any response. I don't know if Sam or Mike received any response to the messages I sent to the security team, vorlon and aba. Best Regards, Aníbal Monsalve Salazar -- http://v7w.com/anibal
Attachment:
signature.asc
Description: Digital signature