-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Sat, 21 Feb 2009 15:50:52 +1100 Source: libpng Binary: libpng12-0 libpng12-dev libpng3 libpng12-0-udeb Architecture: source all amd64 Version: 1.2.35-1 Distribution: unstable Urgency: high Maintainer: Anibal Monsalve Salazar <ani...@debian.org> Changed-By: Anibal Monsalve Salazar <ani...@debian.org> Description: libpng12-0 - PNG library - runtime libpng12-0-udeb - PNG library - minimal runtime library (udeb) libpng12-dev - PNG library - development libpng3 - PNG library - runtime Closes: 486415 516256 Changes: libpng (1.2.35-1) unstable; urgency=high . * New upstream release - http://secunia.com/advisories/33970/ Fix a vulnerability reported by Tavis Ormandy in which some arrays of pointers are not initialized prior to using "malloc" to define the pointers. Closes: #516256 - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5907 The png_check_keyword function in pngwutil.c in libpng, might allow context-dependent attackers to set the value of an arbitrary memory location to zero via vectors involving creation of crafted PNG files with keywords, related to an implicit cast of the '\0' character constant to a NULL pointer. * Don't build libpng3 when binary-indep target is not called. Closes: #486415 Checksums-Sha1: 1a3536998ef0531bfd243a92ee0844ff841661f5 1172 libpng_1.2.35-1.dsc b57475ab05f8c2da1ad440cbd5b007e623f1f360 802267 libpng_1.2.35.orig.tar.gz 0c0e691e43f7b3f0793b7e5afb4c8faf467e8374 14811 libpng_1.2.35-1.diff.gz 29e58340cc355c2626ee84259f9c08f7e3c9dcb0 878 libpng3_1.2.35-1_all.deb 9cd88243bfb929babcdc8ede5b3b3b2a27bcda39 169370 libpng12-0_1.2.35-1_amd64.deb dc64f52fe6ca1911c9747be2e4acf642dfe30d5e 259142 libpng12-dev_1.2.35-1_amd64.deb b4ec03785eb6a0c55b945abfba2cd572e8fd9fcd 71912 libpng12-0-udeb_1.2.35-1_amd64.udeb Checksums-Sha256: 4e14341176c33ac6785dc67db34c6d3665d44d84a7afbee5a9dd4db3b92cf1c6 1172 libpng_1.2.35-1.dsc 1da5c80096e8a014911e00fab4661c0f77ce523ae4d41308815f307ee709fc7f 802267 libpng_1.2.35.orig.tar.gz ce62062778b629e0f58f9b8922a21949a9be165d2125c1c8133c1b6510577d32 14811 libpng_1.2.35-1.diff.gz 1d2dea1f7ecac465d55a4de34d2350f1c4c94452dec120f51bb100e165b679fd 878 libpng3_1.2.35-1_all.deb b2a1eb183650eb0cc17b16c2d6e4f62dc16afa1a103385fa8cf3a970aaa47ea1 169370 libpng12-0_1.2.35-1_amd64.deb bef5be75f3ce1912c231474a9c229ead7d7c61c6a90dd42ab312470235dd2ac4 259142 libpng12-dev_1.2.35-1_amd64.deb 39baaa330b2c04fa680e6c5d6b2f558b3f0c4b6c0ca104b9e049157f0c435e5e 71912 libpng12-0-udeb_1.2.35-1_amd64.udeb Files: bbbe4f30595ec66790e7d3f54f67a17b 1172 libs optional libpng_1.2.35-1.dsc 8ca6246930a57d5be7adc7c4e7fb5e00 802267 libs optional libpng_1.2.35.orig.tar.gz dcfc7a5ce5ed9e6cc8875328f1d0b707 14811 libs optional libpng_1.2.35-1.diff.gz ca1fe8f6e06dbc852b2a096c962fd04d 878 oldlibs optional libpng3_1.2.35-1_all.deb a66c02034b86eb31ef18cc9073b0258b 169370 libs optional libpng12-0_1.2.35-1_amd64.deb 106a312f7dc70cd06409138c362d00ca 259142 libdevel optional libpng12-dev_1.2.35-1_amd64.deb 4d875d98ee11d83eb43d4aa96e78d6b0 71912 debian-installer extra libpng12-0-udeb_1.2.35-1_amd64.udeb Package-Type: udeb
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iEYEARECAAYFAkmfxjwACgkQgY5NIXPNpFWbngCgjjuX270GU6jxxWttXVCccgyw la4AnR2MnRxLIEngf3Rf9MLhCSvdfnls =f0pc -----END PGP SIGNATURE----- Accepted: libpng12-0-udeb_1.2.35-1_amd64.udeb to pool/main/libp/libpng/libpng12-0-udeb_1.2.35-1_amd64.udeb libpng12-0_1.2.35-1_amd64.deb to pool/main/libp/libpng/libpng12-0_1.2.35-1_amd64.deb libpng12-dev_1.2.35-1_amd64.deb to pool/main/libp/libpng/libpng12-dev_1.2.35-1_amd64.deb libpng3_1.2.35-1_all.deb to pool/main/libp/libpng/libpng3_1.2.35-1_all.deb libpng_1.2.35-1.diff.gz to pool/main/libp/libpng/libpng_1.2.35-1.diff.gz libpng_1.2.35-1.dsc to pool/main/libp/libpng/libpng_1.2.35-1.dsc libpng_1.2.35.orig.tar.gz to pool/main/libp/libpng/libpng_1.2.35.orig.tar.gz -- To UNSUBSCRIBE, email to debian-devel-changes-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org