Otavio Salvador wrote: > Aníbal Monsalve Salazar <ani...@debian.org> writes: > >> please approve / unblock libpng/1.2.35-1 > >> Closes: 486415 516256 >> Changes: >> libpng (1.2.35-1) unstable; urgency=high >> . >> * New upstream release >> - http://secunia.com/advisories/33970/ >> Fix a vulnerability reported by Tavis Ormandy in which >> some arrays of pointers are not initialized prior to using >> "malloc" to define the pointers. >> Closes: #516256 >> - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5907 >> The png_check_keyword function in pngwutil.c in libpng, might >> allow context-dependent attackers to set the value of an >> arbitrary memory location to zero via vectors involving >> creation of crafted PNG files with keywords, related to an >> implicit cast of the '\0' character constant to a NULL pointer. >> * Don't build libpng3 when binary-indep target is not called. >> Closes: #486415 > > Ack.
unblocked Cheers Luk -- To UNSUBSCRIBE, email to debian-boot-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
