Package: pngcrush Version: 1.7.85-1+b2 Severity: normal Hi.
When using the -ow option to overwrite the source file with the modified file, pngcrush creates a temporary file named "pngout.png" in the current working directory. If the file already exists, it overwrites it. This is not documented, and could cause data loss. It could even be considered a security concern. Also, it causes pngcrush to fail if the output is not in the same filesystem as the current directory. Regards, -- Nicolas George -- System Information: Debian Release: buster/sid APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'testing'), (500, 'stable'), (50, 'unstable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.17.0-3-amd64 (SMP w/8 CPU cores) Locale: LANG=C, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), LANGUAGE=C (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages pngcrush depends on: ii libc6 2.27-8 ii libpng16-16 1.6.34-2 ii zlib1g 1:1.2.11.dfsg-1 pngcrush recommends no packages. pngcrush suggests no packages. -- no debconf information
signature.asc
Description: Digital signature