Hi Developers and release team. Since libpng 1.5.11 is vulnerable to CVE-2012-3386 [1], fixed in 1.5.12 and 1.6.3, and that this transition hadn't hit wheezy, I would like to suggest you to change the transition directly to 1.6.3 instead of 1.5. [1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3386 Gianfranco