Re: Pre-approval for optipng

To: debian-release@lists.debian.org, naoliv@debian.org
Subject: Re: Pre-approval for optipng
From: Luk Claes <luk@debian.org>
Date: Wed, 12 Nov 2008 07:26:36 +0100
Message-id: <491A771C.5090407@debian.org>
In-reply-to: <20081112015008.72c017fd@orthrus>
References: <20081112015008.72c017fd@orthrus>

Nelson A. de Oliveira wrote:
> Hi!
> 
> A security vulnerability has been found in optipng (Debian bug #505399,
> SA (Secunia Advisory) http://secunia.com/Advisories/32651/). It has
> been fixed in version 0.6.2 (that is already at experimental).
> 
> Code change from 0.6.1 to 0.6.2 is a little big:
> 
>  lib/pngxtern/pngx.h     |   22
>  lib/pngxtern/pngxio.c   |    5
>  lib/pngxtern/pngxmem.c  |   41
>  lib/pngxtern/pngxrbmp.c |   67 -
>  src/opngoptim.c         | 1777 +++++++++++++++++++++++++++++++++
>  src/optipng.c           | 2560 +++++++++---------------------------------------
>  src/optipng.h           |   86 +
>  7 files changed, 2473 insertions(+), 2085 deletions(-)
> 
> You can see the diff at
> http://people.debian.org/~naoliv/misc/optipng-0.6.1_0.6.2.diff.txt
> 
> Probably it's a "no" to upload it to unstable (and let it migrate to
> testing), right?

Right.

> So do I have a pre-approval to upload it to unstable, including only a
> patch to fix SA32651, please?

Yes.

Cheers

Luk

Reply to:

Follow-Ups:
- Re: Pre-approval for optipng
  - From: "Nelson A. de Oliveira" <naoliv@debian.org>

References:
- Pre-approval for optipng
  - From: "Nelson A. de Oliveira" <naoliv@debian.org>

Prev by Date: Re: Upload of inkscape_0.46-3 to t-p-u ? (was Re: [inkscape] Impossible to change font if ttf-bitstream-vera is not installed.)
Next by Date: PostgreSQL maintenance releases for etch and lenny
Previous by thread: Pre-approval for optipng
Next by thread: Re: Pre-approval for optipng
Index(es):
- Date
- Thread