[SRM] Security update for OptiPNG in etch and lenny

To: debian-release@lists.debian.org
Subject: [SRM] Security update for OptiPNG in etch and lenny
From: "Nelson A. de Oliveira" <naoliv@debian.org>
Date: Mon, 9 Mar 2009 23:49:46 -0300
Message-id: <20090310024946.GA22973@orthrus>
Reply-to: debian-release@lists.debian.org, naoliv@debian.org

Dear stable release managers,

OptiPNG in etch and lenny has an array overflow vulnerability (CVE-2009-0749).
After talking with our security team, we have decided that it's better to
have a fix via a stable update (and not a DSA, as the impact seems to be
limited).

The patch for stable is available at [1] and the interdiff at [2].
All the files are available at [3].

[1] http://people.debian.org/~naoliv/misc/optipng/stable/patch.txt
[2] http://people.debian.org/~naoliv/misc/optipng/stable/interdiff.txt
[3] http://people.debian.org/~naoliv/misc/optipng/stable/

The patch for oldstable is available at [4] and the interdiff at [5].
Files are available at [6]

[4] http://people.debian.org/~naoliv/misc/optipng/oldstable/patch.txt
[5] http://people.debian.org/~naoliv/misc/optipng/oldstable/interdiff.txt
[6] http://people.debian.org/~naoliv/misc/optipng/oldstable/

Do I have permission to upload them, please?

Thank you very much!

Best regards,
Nelson

Attachment: signature.asc
Description: Digital signature

Reply to:

Follow-Ups:
- Re: [SRM] Security update for OptiPNG in etch and lenny
  - From: Philipp Kern <pkern@debian.org>

Prev by Date: Re: libgpod transition
Next by Date: ImageMagick libs transition
Previous by thread: Re: binNMU request for inkblot
Next by thread: Re: [SRM] Security update for OptiPNG in etch and lenny
Index(es):
- Date
- Thread