> Package : xloadimage > Vulnerability : missing input sanitising, integer overflow > CVE ID : CAN-2005-0638 CAN-2005-0639 > Debian Bug : 298926 But the latest security upload changed the dependencies. Obviously that was unintentional. But it is still a bad thing. From: Depends: libc6 (>= 2.2.4-4), libjpeg62, libpng2(>=1.0.12), libtiff3g, xlibs (>> 4.1.0), zlib1g (>= 1:1.1.3) To: Depends: libc6 (>= 2.2.4-4), libjpeg62, libpng3, libtiff3g, xlibs (>> 4.1.0), zlib1g (>= 1:1.1.4) This means that an 'apt-get upgrade' will not satisfy the dependencies of libpng3 and a dist-upgrade is required. Can a new upload be made that fixes this problem? Thanks Bob
Attachment:
signature.asc
Description: Digital signature