Re: please approve / unblock libpng/1.2.35-1 (it has a udeb)
Aníbal Monsalve Salazar wrote:
> On Sun, Mar 01, 2009 at 04:39:52PM +1100, Anibal Monsalve Salazar wrote:
>> On Mon, Feb 23, 2009 at 06:47:11PM +0100, Luk Claes wrote:
>>> Otavio Salvador wrote:
>>>> Aníbal Monsalve Salazar <anibal@debian.org> writes:
>>>>
>>>>> please approve / unblock libpng/1.2.35-1
>>>>> Closes: 486415 516256
>>>>> Changes:
>>>>> libpng (1.2.35-1) unstable; urgency=high
>>>>> .
>>>>> * New upstream release
>>>>> - http://secunia.com/advisories/33970/
>>>>> Fix a vulnerability reported by Tavis Ormandy in which
>>>>> some arrays of pointers are not initialized prior to using
>>>>> "malloc" to define the pointers.
>>>>> Closes: #516256
>>>>> - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5907
>>>>> The png_check_keyword function in pngwutil.c in libpng, might
>>>>> allow context-dependent attackers to set the value of an
>>>>> arbitrary memory location to zero via vectors involving
>>>>> creation of crafted PNG files with keywords, related to an
>>>>> implicit cast of the '\0' character constant to a NULL pointer.
>>>>> * Don't build libpng3 when binary-indep target is not called.
>>>>> Closes: #486415
>>>> Ack.
>>> unblocked
>>>
>>> Cheers
>>>
>>> Luk
>> Please push libpng/1.2.35-1 which hasn't been installed yet.
>
> No help from mips@buildd.debian.org yet.
>
> Should libpng 1.2.35-1 be given back?
scheduled for upload
Cheers
Luk
Reply to: