Dear stable release managers, OptiPNG in etch and lenny has an array overflow vulnerability (CVE-2009-0749). After talking with our security team, we have decided that it's better to have a fix via a stable update (and not a DSA, as the impact seems to be limited). The patch for stable is available at [1] and the interdiff at [2]. All the files are available at [3]. [1] http://people.debian.org/~naoliv/misc/optipng/stable/patch.txt [2] http://people.debian.org/~naoliv/misc/optipng/stable/interdiff.txt [3] http://people.debian.org/~naoliv/misc/optipng/stable/ The patch for oldstable is available at [4] and the interdiff at [5]. Files are available at [6] [4] http://people.debian.org/~naoliv/misc/optipng/oldstable/patch.txt [5] http://people.debian.org/~naoliv/misc/optipng/oldstable/interdiff.txt [6] http://people.debian.org/~naoliv/misc/optipng/oldstable/ Do I have permission to upload them, please? Thank you very much! Best regards, Nelson
Attachment:
signature.asc
Description: Digital signature