-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Aníbal Monsalve Salazar <ani...@debian.org> writes:
> please approve / unblock libpng/1.2.35-1 > > Closes: 486415 516256 > Changes: > libpng (1.2.35-1) unstable; urgency=high > . > * New upstream release > - http://secunia.com/advisories/33970/ > Fix a vulnerability reported by Tavis Ormandy in which > some arrays of pointers are not initialized prior to using > "malloc" to define the pointers. > Closes: #516256 > - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5907 > The png_check_keyword function in pngwutil.c in libpng, might > allow context-dependent attackers to set the value of an > arbitrary memory location to zero via vectors involving > creation of crafted PNG files with keywords, related to an > implicit cast of the '\0' character constant to a NULL pointer. > * Don't build libpng3 when binary-indep target is not called. > Closes: #486415 Ack. - -- O T A V I O S A L V A D O R - --------------------------------------------- E-mail: ota...@debian.org UIN: 5906116 GNU/Linux User: 239058 GPG ID: 49A5F855 Home Page: http://otavio.ossystems.com.br - --------------------------------------------- "Microsoft sells you Windows ... Linux gives you the whole house." -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Processed by Mailcrypt 3.5.8+ <http://mailcrypt.sourceforge.net/> iEYEARECAAYFAkmi4BUACgkQLqiZQEml+FX/WACfX4WvNGG3JLZb4dJcGtShPdtv 8vUAn1Ggh3+OQzBJSKjvEHF5vugnewjx =41YI -----END PGP SIGNATURE----- -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
