It's probably not useless but it has serious issues.
Since the changelog is quite long since 2010 I didn't extract the
essentials. Updated description now.
** Changed in: optipng (Ubuntu)
Status: Invalid => Confirmed
** Description changed:
update package was requested via debian/ubuntu - doesn't happen. ref.:
bug748972
implicates removal request.
Package is completely outdated:
http://optipng.sourceforge.net/history.txt
+
+
+ Legend
+ ------
+ ++ Added or improved performance-related feature
+ (might improve compression ratio or processing speed).
+ + Added or improved feature.
+ - Removed feature.
+ ! Fixed bug.
+ !! Fixed critical bug
+ (crash, data/metadata loss or security hazard).
+ * Other modification (e.g. architectural improvement).
+
+ Security-fix that are missing:
+ :
+ Version 0.6.5 24-jan-2011
+ !! Fixed processing of PNG files with chunks of size 0.
+ (Thanks to Matthew Fearnley for the report.)
+
+ !! Fixed the I/O states (in libpng 1.4.5);
+ they caused incorrect file reads in some rare cases.
+ (Thanks to [M*A*S*H] and Dmitry Marakasov for the report.)
+
+ Version 0.7 29-feb-2012
+ !! Fixed a memory leak that occurred when reading broken GIF images.
+
+ Version 0.7.3 16-sep-2012
+ !! Fixed a use-after-free vulnerability in the palette reduction code.
+ This vulnerability was accidentally introduced in version 0.7.
** Description changed:
update package was requested via debian/ubuntu - doesn't happen. ref.:
bug748972
implicates removal request.
Package is completely outdated:
http://optipng.sourceforge.net/history.txt
-
Legend
------
++ Added or improved performance-related feature
- (might improve compression ratio or processing speed).
- + Added or improved feature.
- - Removed feature.
- ! Fixed bug.
+ (might improve compression ratio or processing speed).
+ + Added or improved feature.
+ - Removed feature.
+ ! Fixed bug.
!! Fixed critical bug
- (crash, data/metadata loss or security hazard).
- * Other modification (e.g. architectural improvement).
+ (crash, data/metadata loss or security hazard).
+ * Other modification (e.g. architectural improvement).
- Security-fix that are missing:
+ Security-fix that are missing, extracted from above listed changelog:
:
Version 0.6.5 24-jan-2011
!! Fixed processing of PNG files with chunks of size 0.
- (Thanks to Matthew Fearnley for the report.)
+ (Thanks to Matthew Fearnley for the report.)
!! Fixed the I/O states (in libpng 1.4.5);
- they caused incorrect file reads in some rare cases.
- (Thanks to [M*A*S*H] and Dmitry Marakasov for the report.)
+ they caused incorrect file reads in some rare cases.
+ (Thanks to [M*A*S*H] and Dmitry Marakasov for the report.)
Version 0.7 29-feb-2012
!! Fixed a memory leak that occurred when reading broken GIF images.
Version 0.7.3 16-sep-2012
!! Fixed a use-after-free vulnerability in the palette reduction code.
- This vulnerability was accidentally introduced in version 0.7.
+ This vulnerability was accidentally introduced in version 0.7.
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-4432
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1211093
Title:
[removal request] package completely outdated - critical bugs dont get
implemented
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/optipng/+bug/1211093/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
