Thanks! Looks like this has been done:
$ apt-cache madison libpng
libpng | 1.2.27-1 | http://us.archive.ubuntu.com intrepid/main Sources
** Changed in: libpng (Ubuntu)
Status: Triaged => Fix Released
--
Please sponsor libpng 1.2.24
https://bugs.launchpad.net/bugs/185178
You recei
I will file another bug for the security issues only (pure sync from
debian); feel free to update the APNG patch to be based on 1.2.27-1 for
intrepid
--
Please sponsor libpng 1.2.24
https://bugs.launchpad.net/bugs/185178
You received this bug notification because you are a member of Ubuntu
Bugs,
Attached is the debdiff (filterdiff -i '*/debian/*') from 1.2.15~beta5-3
to 1.2.27-1 (straight from debian, no other patches). Since there are a
number of CVE fixes, it seems like a good candidate for a SRU.
Changelog:
libpng (1.2.27-1) unstable; urgency=low
* New upstream release
* Patches m
The following CVE has been fixed in debian as well:
1.2.26:
* Fix CVE-2008-1382 denial of service and possibly code execution
Add 02-476669-CVE-2008-1382.diff
Closes: #476669
This was merged upstream in 1.2.27
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2008-1382
--
FYI: libpng 1.2.17 has been uploaded to debian unstable
Would the APNG patch be acceptable in intrepid?
--
Please sponsor libpng 1.2.24
https://bugs.launchpad.net/bugs/185178
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bu
Morten, it is stuck here because of the unwanted APNG patch. That's the
reason why Firefox 3 has to ship with in-source png instead of system
png.
If someone from ubuntu-main-sponsors tells me that another debdiff for
1.2.26 but *without* APNG is still acceptable at this point in hardy, I
would su
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2007-2445
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2007-5266
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2007-5268
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2007-5
It seems the updates of libpng in Debian has ceased, and the version is
stuck at 1.2.15~beta5-3. Meanwhile, quite a number of CVEs have been
reported at the upstream homepage, where the version is now at 1.2.26.
This package should certainly be updated.
** Changed in: libpng (Ubuntu)
Importanc
** Changed in: libpng (Ubuntu)
Assignee: (unassigned) => Morten Kjeldgaard (mok0)
--
Please sponsor libpng 1.2.24
https://bugs.launchpad.net/bugs/185178
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
ub
Please tell me if something is preventing this to be sponsored.
--
Please sponsor libpng 1.2.24
https://bugs.launchpad.net/bugs/185178
You received this bug notification because you are a member of Ubuntu
Bugs, which is the bug contact for Ubuntu.
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.u
Oops, wrong debdiff. Here is the right one. I've also updated the
Maintainer field that I've missed before.
** Attachment added: "debdiff from 1.2.15~beta5-3 to 1.2.24-0ubuntu1 (v2)"
http://launchpadlibrarian.net/11488237/libpng-1.2.15%7Ebeta5-3--1.2.24-0ubuntu1.debdiff
** Description changed
11 matches
Mail list logo
