Josselin Mouette wrote:
> > However security focus lists versions 1.0.16, 1.0.17, 1.2.6, and 1.2.7 as
> > vulnerable, but I see we've got higher versions in sarge.
> > But I'm unsure if 1.2.8rel-1 is a pre-release version of 1.2.8, and hence
> > whether it will have this fix or not.
>
> Only the woody versions are affected. I guess the security team is
> already preparing an update.

I haven't checked that myself yet, but according to upstream the bug was introduced in 1.2.7?

| Fixed bug, introduced in libpng-1.2.7, that overruns a buffer during
| strip alpha operation in png_do_strip_filler().

Cheers,
Moritz