Hi!

A security vulnerability has been found in optipng (Debian bug #505399, SA (Secunia Advisory) http://secunia.com/Advisories/32651/).
It has been fixed in version 0.6.2 (that is already at experimental).

Code change from 0.6.1 to 0.6.2 is a little big:

 lib/pngxtern/pngx.h     |   22
 lib/pngxtern/pngxio.c   |    5
 lib/pngxtern/pngxmem.c  |   41
 lib/pngxtern/pngxrbmp.c |   67 -
 src/opngoptim.c         | 1777 +++++++++++++++++++++++++++++++++
 src/optipng.c           | 2560 +++++++++--------------------------------------
 src/optipng.h           |   86 +
 7 files changed, 2473 insertions(+), 2085 deletions(-)

You can see the diff at http://people.debian.org/~naoliv/misc/optipng-0.6.1_0.6.2.diff.txt

Probably it's a "no" to upload it to unstable (and let it migrate to testing), right?
So do I have a pre-approval to upload it to unstable, including only a patch to fix SA32651, please?

Thank you!

Best regards,
Nelson