Aníbal Monsalve Salazar wrote: > On Sun, Mar 01, 2009 at 04:39:52PM +1100, Anibal Monsalve Salazar wrote: >> On Mon, Feb 23, 2009 at 06:47:11PM +0100, Luk Claes wrote: >>> Otavio Salvador wrote: >>>> Aníbal Monsalve Salazar <ani...@debian.org> writes: >>>> >>>>> please approve / unblock libpng/1.2.35-1 >>>>> Closes: 486415 516256 >>>>> Changes: >>>>> libpng (1.2.35-1) unstable; urgency=high >>>>> . >>>>> * New upstream release >>>>> - http://secunia.com/advisories/33970/ >>>>> Fix a vulnerability reported by Tavis Ormandy in which >>>>> some arrays of pointers are not initialized prior to using >>>>> "malloc" to define the pointers. >>>>> Closes: #516256 >>>>> - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5907 >>>>> The png_check_keyword function in pngwutil.c in libpng, might >>>>> allow context-dependent attackers to set the value of an >>>>> arbitrary memory location to zero via vectors involving >>>>> creation of crafted PNG files with keywords, related to an >>>>> implicit cast of the '\0' character constant to a NULL pointer. >>>>> * Don't build libpng3 when binary-indep target is not called. >>>>> Closes: #486415 >>>> Ack. >>> unblocked >>> >>> Cheers >>> >>> Luk >> Please push libpng/1.2.35-1 which hasn't been installed yet. > > No help from m...@buildd.debian.org yet. > > Should libpng 1.2.35-1 be given back?
scheduled for upload Cheers Luk -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
