Re: please approve / unblock libpng/1.2.35-1 (it has a udeb)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Aníbal Monsalve Salazar <anibal@debian.org> writes:
> please approve / unblock libpng/1.2.35-1
>
> Closes: 486415 516256
> Changes:
> libpng (1.2.35-1) unstable; urgency=high
> .
> * New upstream release
> - http://secunia.com/advisories/33970/
> Fix a vulnerability reported by Tavis Ormandy in which
> some arrays of pointers are not initialized prior to using
> "malloc" to define the pointers.
> Closes: #516256
> - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5907
> The png_check_keyword function in pngwutil.c in libpng, might
> allow context-dependent attackers to set the value of an
> arbitrary memory location to zero via vectors involving
> creation of crafted PNG files with keywords, related to an
> implicit cast of the '\0' character constant to a NULL pointer.
> * Don't build libpng3 when binary-indep target is not called.
> Closes: #486415
Ack.
- --
O T A V I O S A L V A D O R
- ---------------------------------------------
E-mail: otavio@debian.org UIN: 5906116
GNU/Linux User: 239058 GPG ID: 49A5F855
Home Page: http://otavio.ossystems.com.br
- ---------------------------------------------
"Microsoft sells you Windows ... Linux gives
you the whole house."
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Processed by Mailcrypt 3.5.8+ <http://mailcrypt.sourceforge.net/>
iEYEARECAAYFAkmi4BUACgkQLqiZQEml+FX/WACfX4WvNGG3JLZb4dJcGtShPdtv
8vUAn1Ggh3+OQzBJSKjvEHF5vugnewjx
=41YI
-----END PGP SIGNATURE-----
Reply to: