[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

please consider libpng 1.2.27-1 [was: (forw) unblock & bump libpng]

On Sun, May 04, 2008 at 02:57:18PM +0200, Andreas Barth wrote:
>any reason to not unblock libpng?

Otavio, please consider approving libpng 1.2.27-1

Release team, please consider unblocking it and bumping up its
urgency to medium.

libpng 1.2.27-1 is functionally the same as the previous libpng
1.2.26-1 (which included the diff between 1.2.26 and the 1.2.27
release candidate to fix CVE-2008-1382).

The shared library of both libpng 1.2.27-1 and 1.2.26-1 has
exactly the same symbols as 1.2.15~beta5-3, the current version
in testing.

Please note that 1.2.26-1 was uploaded with urgency=high but
its urgency was downgraded even though it had a security fix
for CVE-2008-1382, http://bugs.debian.org/476669

Thank you, Otavio and release team!

>----- Forwarded message from Nico Golde <nico@ngolde.de> -----
>From: Nico Golde <nico@ngolde.de>
>To: aba@not.so.argh.org
>Subject: unblock & bump libpng
>Date: Sun, 4 May 2008 14:21:09 +0200
>Message-ID: <20080504122109.GB5662@ngolde.de>
>X-Mailer: netcat 1.10
>Content-Type: multipart/signed; micalg=pgp-sha1;
>	protocol="application/pgp-signature"; boundary="3lcZGd9BuhuYXNfi"
>Hi Andreas,
>wie im IRC besprochen per Mail.
>Kannst du libpng unblocken?
>Die Version fixt CVE-2008-1382. Changelog:
>libpng (1.2.27-1) unstable; urgency=low 
>   * New upstream release
>   * Patches merged upstream:
>     debian/patches/02-476669-CVE-2008-1382.diff
>     debian/patches/03-404514-png.5.diff
>   * Run ./autogen.sh
> -- Anibal Monsalve Salazar <anibal@debian.org>  Tue, 29 Apr 2008 17:22:16 +1000
>Falls du es unblockst bitte gleich mit einem urgency bump verbinden, Ich schlage vor
>age-days 7 libpng
>Gruß Nico
>Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF
>For security reasons, all text in this mail is double-rot13 encrypted.
>----- End forwarded message -----

Aníbal Monsalve Salazar
"Red Rosa now has vanished too" Bertolt Brecht

Attachment: signature.asc
Description: Digital signature

Reply to: