
Bug#681414: unblock: libpng/1.2.49-2



Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: freeze-exception

unblock libpng/1.2.49-2

Please unblock libpng (with udeb binary package).

Upstream released libpng 1.2.50 to fix CVE-2012-3386 recently. I
extracted the relevant change. The debdiff is below.

debdiff libpng_1.2.49-1.dsc libpng_1.2.49-2.dsc
diff -Nru libpng-1.2.49/debian/changelog libpng-1.2.49/debian/changelog
--- libpng-1.2.49/debian/changelog	2012-04-09 12:14:09.000000000 +1000
+++ libpng-1.2.49/debian/changelog	2012-07-13 12:33:03.000000000 +1000
@@ -1,3 +1,11 @@
+libpng (1.2.49-2) unstable; urgency=high
+
+  * Change "a+w" to "u+w" in Makefile.in to fix CVE-2012-3386
+    Add 02-681408-CVE-2012-3386-Makefile.in.patch
+    Closes: #681408
+
+ -- Anibal Monsalve Salazar <anibal@debian.org>  Fri, 13 Jul 2012 12:31:39 +1000
+
 libpng (1.2.49-1) unstable; urgency=high
 
   * New upstream version 1.2.49
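
Review bot: the new entry's line `* Change "a+w" to "u+w" in Makefile.in to fix CVE-2012-3386` records the edit but not its effect or scope. Suggest wording that says the `distcheck` target no longer makes `$(distdir)` writable by all users, so someone reading only the changelog can tell that the upload touches a build-system target in Makefile.in and nothing else.
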
diff -Nru libpng-1.2.49/debian/patches/02-681408-CVE-2012-3386-Makefile.in.patch libpng-1.2.49/debian/patches/02-681408-CVE-2012-3386-Makefile.in.patch
--- libpng-1.2.49/debian/patches/02-681408-CVE-2012-3386-Makefile.in.patch	1970-01-01 10:00:00.000000000 +1000
+++ libpng-1.2.49/debian/patches/02-681408-CVE-2012-3386-Makefile.in.patch	2012-07-13 12:30:58.000000000 +1000
@@ -0,0 +1,18 @@
+http://bugs.debian.org/681408
+http://security-tracker.debian.org/tracker/CVE-2012-3386
+https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-3386
+
+Change "a+w" to "u+w" in Makefile.in to fix CVE-2012-3386
+
+diff -urNp libpng-1.2.49/Makefile.in libpng-1.2.50/Makefile.in
+--- a/Makefile.in	2012-03-29 15:47:09.000000000 +1100
++++ b/Makefile.in	2012-07-10 10:37:13.000000000 +1000
+@@ -1146,7 +1146,7 @@ distcheck: dist
+ 	*.zip*) \
+ 	  unzip $(distdir).zip ;;\
+ 	esac
+-	chmod -R a-w $(distdir); chmod a+w $(distdir)
++	chmod -R a-w $(distdir); chmod u+w $(distdir)
+ 	mkdir $(distdir)/_build
+ 	mkdir $(distdir)/_inst
+ 	chmod a-w $(distdir)
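
Review bot: the fix at `chmod -R a-w $(distdir); chmod u+w $(distdir)` is applied to Makefile.in only, and Makefile.in is normally output generated by automake, so the `a+w` could come back if the file is regenerated during the build or on a later upstream import, depending on the automake in use. Please confirm the package builds from the shipped Makefile.in. Separately, the patch header is three bare URLs and a one-line summary; DEP-3 fields (Description, Origin, Bug-Debian) would make the provenance easier to track, and the `diff -urNp libpng-1.2.49/Makefile.in libpng-1.2.50/Makefile.in` line does not match the `a/Makefile.in` and `b/Makefile.in` paths that follow it.
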
diff -Nru libpng-1.2.49/debian/patches/series libpng-1.2.49/debian/patches/series
--- libpng-1.2.49/debian/patches/series	2012-04-09 12:07:32.000000000 +1000
+++ libpng-1.2.49/debian/patches/series	2012-07-13 12:33:17.000000000 +1000
@@ -1 +1,2 @@
 01-legacy.patch
+02-681408-CVE-2012-3386-Makefile.in.patch


