On Tue, Jan 18, 2011 at 02:33:49PM +0900, Nobuhiro Iwamatsu wrote:
>>On Tue, Sep 07, 2010 at 12:43:56PM +0200, Cosme Domínguez Díaz wrote:
>>>Please, package it. 
>>
>>Sure.
>>
>>>FreeImage needs a 1.4.x release of libpng to work.
>>
>>http://ftp-master.debian.org/new.html
>>
>>I'll upload it to experimental (when I have some time) but it'll spend
>>some time in NEW (see web address above).
>>
>>>See: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=595559#38
>
>Hi, 

Hello Nobuhiro

>1.4.x of libpng is not yet uploaded in experimental. 

I've packaged 1.4.5 but decided to wait for 1.5.0 which was found to
ship a serious bug soon after it was released. In two days or so 1.5.1
will be released.

At http://libpng.org/pub/png/libpng.html, it reads:

  libpng 1.5.0 (only) introduced a bug in the RGB-to-grayscale transform
  code, which can lead to buffer overruns due to incorrect calculation
  of the number of bytes per pixel. (Since 1.5.0 was just released, no
  apps or OS distributions are believed to ship with it, so the risk
  should be minimal.) This vulnerability has been assigned ID
  CVE-2011-0408 (CERT 643140) and will be fixed in version 1.5.1,
  expected to be released 20 January 2011.

>When are you going to upload it?

Soon after 1.5.1 is released.

>Some users and some developers want to try the new libpng.
>Thanks for your package.
>
>Best regards,
>  Nobuhiro

Regards,

Anibal
