** Summary changed: - OptiPNG 0.6.2 + OptiPNG 0.6.2 (previous versions vulnerable to vulnerable to array-overflow attacks)
** Description changed: Binary package hint: optipng OptiPNG is still proposed in v0.6 in Intrepid. Latest version is 0.6.2. The package should be updated. + + From project homepage: http://optipng.sourceforge.net/ + + Security alert! + OptiPNG versions 0.6 and 0.6.1 are vulnerable to array-overflow attacks, due to a bug in the BMP image reader. This problem is fixed in version 0.6.2. Upgrading to this version is highly recommended. + + However, if you are not ready to upgrade to version 0.6.2 just yet, you + may keep using the previous version by applying the patch below. + + * Security patch for OptiPNG 0.6.1: optipng-0.6.1.1.diff + (Sorry, there are no recompiled binaries, and no patch for version 0.6.) -- OptiPNG 0.6.2 (previous versions vulnerable to vulnerable to array-overflow attacks) https://bugs.launchpad.net/bugs/296798 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
