Pre-approval for optipng

To: debian-release@lists.debian.org
Subject: Pre-approval for optipng
From: "Nelson A. de Oliveira" <naoliv@debian.org>
Date: Wed, 12 Nov 2008 01:50:08 -0200
Message-id: <20081112015008.72c017fd@orthrus>
Reply-to: debian-release@lists.debian.org, naoliv@debian.org

Hi!

A security vulnerability has been found in optipng (Debian bug #505399,
SA (Secunia Advisory) http://secunia.com/Advisories/32651/). It has
been fixed in version 0.6.2 (that is already at experimental).

Code change from 0.6.1 to 0.6.2 is a little big:

 lib/pngxtern/pngx.h     |   22
 lib/pngxtern/pngxio.c   |    5
 lib/pngxtern/pngxmem.c  |   41
 lib/pngxtern/pngxrbmp.c |   67 -
 src/opngoptim.c         | 1777 +++++++++++++++++++++++++++++++++
 src/optipng.c           | 2560 +++++++++---------------------------------------
 src/optipng.h           |   86 +
 7 files changed, 2473 insertions(+), 2085 deletions(-)

You can see the diff at
http://people.debian.org/~naoliv/misc/optipng-0.6.1_0.6.2.diff.txt

Probably it's a "no" to upload it to unstable (and let it migrate to
testing), right?

So do I have a pre-approval to upload it to unstable, including only a
patch to fix SA32651, please?

Thank you!

Best regards,
Nelson

Attachment: signature.asc
Description: PGP signature

Reply to:

Follow-Ups:
- Re: Pre-approval for optipng
  - From: Luk Claes <luk@debian.org>

Prev by Date: Re: Some more security hinting
Next by Date: Re: Upload of inkscape_0.46-3 to t-p-u ? (was Re: [inkscape] Impossible to change font if ttf-bitstream-vera is not installed.)
Previous by thread: Re: [Secure-testing-team] Please unblock gallery 1.5.9-1
Next by thread: Re: Pre-approval for optipng
Index(es):
- Date
- Thread