Re: Pre-approval for optipng
Nelson A. de Oliveira wrote:
> Hi!
>
> A security vulnerability has been found in optipng (Debian bug #505399,
> SA (Secunia Advisory) http://secunia.com/Advisories/32651/). It has
> been fixed in version 0.6.2 (that is already at experimental).
>
> Code change from 0.6.1 to 0.6.2 is a little big:
>
> lib/pngxtern/pngx.h | 22
> lib/pngxtern/pngxio.c | 5
> lib/pngxtern/pngxmem.c | 41
> lib/pngxtern/pngxrbmp.c | 67 -
> src/opngoptim.c | 1777 +++++++++++++++++++++++++++++++++
> src/optipng.c | 2560 +++++++++---------------------------------------
> src/optipng.h | 86 +
> 7 files changed, 2473 insertions(+), 2085 deletions(-)
>
> You can see the diff at
> http://people.debian.org/~naoliv/misc/optipng-0.6.1_0.6.2.diff.txt
>
> Probably it's a "no" to upload it to unstable (and let it migrate to
> testing), right?
Right.
> So do I have a pre-approval to upload it to unstable, including only a
> patch to fix SA32651, please?
Yes.
Cheers
Luk
Reply to: