Hi,
2011/1/18 Aníbal Monsalve Salazar <ani...@debian.org>:
> On Tue, Jan 18, 2011 at 02:33:49PM +0900, Nobuhiro Iwamatsu wrote:
>>>On Tue, Sep 07, 2010 at 12:43:56PM +0200, Cosme Domínguez Díaz wrote:
>>>>Please, package it.
>>>
>>>Sure.
>>>
>>>>FreeImage need a 1.4.x release of libpng to work.
>>>
>>>http://ftp-master.debian.org/new.html
>>>
>>>I'll upload it to experimental (when I have some time) but it'll spend
>>>some time in NEW (see web address above).
>>>
>>>>See: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=595559#38
>>
>>Hi,
>
> Hello Nobuhiro
>
>>1.4.x of libpng is not yet uploaded in experimental.
>
> I've packaged 1.4.5 but decided to wait for 1.5.0 which was found to
> ship a serious bug soon after if was released. In two days or so 1.5.1
> will be released.
>
> At http://libpng.org/pub/png/libpng.html, it reads:
>
> libpng 1.5.0 (only) introduced a bug in the RGB-to-grayscale transform
> code, which can lead to buffer overruns due to incorrect calculation
> of the number of bytes per pixel. (Since 1.5.0 was just released, no
> apps or OS distributions are believed to ship with it, so the risk
> should be minimal.) This vulnerability has been assigned ID
> CVE-2011-0408 (CERT 643140) and will be fixed in version 1.5.1,
> expected to be released 20 January 2011.
Oh, OK. Thanks.
>
>>When are you going to upload it?
>
> Soon after 1.5.1 is released.
>
OK, I' ll wait relase 1.5.1.
Best regards,
Nobuhiro
--
Nobuhiro Iwamatsu
iwamatsu at {nigauri.org / debian.org}
GPG ID: 40AD1FA6
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
