On Sat, Dec 16, 2006 at 14:57:19 +0100, Andreas Barth wrote:

> * Josselin Mouette (joss@debian.org) [061215 13:46]:
> > The only sane solution if you want to get quickly to a releasable state
> > is to go back to the last 1.2.8 package and to backport security fixes.
> > I've also explained more long-term solutions for the libpng madness on
> > my planet posting.
>
> Also, at least 5 packages FTBFS because of the change, and a couple of
> packages from sarge will just fail on execution because of the dropped
> symbols.
>
> In other words, I strongly recommend to go back to the most recent
> 1.2.8-package.
>
> Anibal, do you want to upload the package, or should I NMU it?
>

Hi,

I've prepared a package based on 1.2.8rel-7, with a patch for
CVE-2006-5793. No other security issues seem to be mentioned in the sid
package's changelog, but let me know if I've missed something.

Source package at
http://liafa.jussieu.fr/~jcristau/debian/libpng/libpng_1.2.8rel-7.1.dsc
and debdiff from 1.2.8rel-7 at
http://liafa.jussieu.fr/~jcristau/debian/libpng/libpng_1.2.8rel-7.1.debdiff

Cheers,
Julien