On Sun, May 04, 2008 at 02:57:18PM +0200, Andreas Barth wrote: >any reason to not unblock libpng? Otavio, please consider approving libpng 1.2.27-1 Release team, please consider unblocking it and bumping up its urgency to medium. libpng 1.2.27-1 is functionally the same as the previous libpng 1.2.26-1 (which included the diff between 1.2.26 and the 1.2.27 release candidate to fix CVE-2008-1382). The shared library of both libpng 1.2.27-1 and 1.2.26-1 has exactly the same symbols as 1.2.15~beta5-3, the current version in testing. Please note that 1.2.26-1 was uploaded with urgency=high but its urgency was downgraded even though it had a security fix for CVE-2008-1382, http://bugs.debian.org/476669 Thank you, Otavio and release team! >Cheers, >Andi > >----- Forwarded message from Nico Golde <nico@ngolde.de> ----- > >From: Nico Golde <nico@ngolde.de> >To: aba@not.so.argh.org >Subject: unblock & bump libpng >Date: Sun, 4 May 2008 14:21:09 +0200 >Message-ID: <20080504122109.GB5662@ngolde.de> >X-Mailer: netcat 1.10 >Content-Type: multipart/signed; micalg=pgp-sha1; > protocol="application/pgp-signature"; boundary="3lcZGd9BuhuYXNfi" > >Hi Andreas, >wie im IRC besprochen per Mail. >Kannst du libpng unblocken? > >Die Version fixt CVE-2008-1382. Changelog: > >libpng (1.2.27-1) unstable; urgency=low > * New upstream release > * Patches merged upstream: > debian/patches/02-476669-CVE-2008-1382.diff > debian/patches/03-404514-png.5.diff > * Run ./autogen.sh > > -- Anibal Monsalve Salazar <anibal@debian.org> Tue, 29 Apr 2008 17:22:16 +1000 > >Falls du es unblockst bitte gleich mit einem urgency bump verbinden, Ich schlage vor >age-days 7 libpng > >Gruß Nico > >-- >Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF >For security reasons, all text in this mail is double-rot13 encrypted. > >----- End forwarded message ----- Aníbal Monsalve Salazar -- "Red Rosa now has vanished too" Bertolt Brecht
Attachment:
signature.asc
Description: Digital signature