[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: please approve / unblock libpng/1.2.35-1 (it has a udeb)

Aníbal Monsalve Salazar wrote:
> On Sun, Mar 01, 2009 at 04:39:52PM +1100, Anibal Monsalve Salazar wrote:
>> On Mon, Feb 23, 2009 at 06:47:11PM +0100, Luk Claes wrote:
>>> Otavio Salvador wrote:
>>>> Aníbal Monsalve Salazar <anibal@debian.org> writes:
>>>>
>>>>> please approve / unblock libpng/1.2.35-1
>>>>> Closes: 486415 516256
>>>>> Changes: 
>>>>> libpng (1.2.35-1) unstable; urgency=high
>>>>> .
>>>>>   * New upstream release
>>>>>     - http://secunia.com/advisories/33970/
>>>>>       Fix a vulnerability reported by Tavis Ormandy in which
>>>>>       some arrays of pointers are not initialized prior to using
>>>>>       "malloc" to define the pointers.
>>>>>       Closes: #516256
>>>>>     - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5907
>>>>>       The png_check_keyword function in pngwutil.c in libpng, might
>>>>>       allow context-dependent attackers to set the value of an
>>>>>       arbitrary memory location to zero via vectors involving
>>>>>       creation of crafted PNG files with keywords, related to an
>>>>>       implicit cast of the '\0' character constant to a NULL pointer.
>>>>>   * Don't build libpng3 when binary-indep target is not called.
>>>>>     Closes: #486415
>>>> Ack.
>>> unblocked
>>>
>>> Cheers
>>>
>>> Luk
>> Please push libpng/1.2.35-1 which hasn't been installed yet.
> 
> No help from mips@buildd.debian.org yet.
> 
> Should libpng 1.2.35-1 be given back?

scheduled for upload

Cheers

Luk
Reply to: