Debian Package Tracker

From: Salvatore Bonaccorso <carnil@debian.org>
To: <debian-changes@lists.debian.org>
Subject: Accepted libpng 1.2.50-2+deb8u2 (source) into proposed-updates->stable-new, proposed-updates
Date: Fri, 15 Jan 2016 10:17:21 +0000

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 07 Jan 2016 20:05:55 +0100
Source: libpng
Binary: libpng12-0 libpng12-dev libpng3 libpng12-0-udeb
Architecture: source
Version: 1.2.50-2+deb8u2
Distribution: jessie-security
Urgency: high
Maintainer: Anibal Monsalve Salazar <anibal@debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Closes: 807112 807694
Description: 
 libpng12-0 - PNG library - runtime
 libpng12-0-udeb - PNG library - minimal runtime library (udeb)
 libpng12-dev - PNG library - development
 libpng3    - PNG library - runtime
Changes:
 libpng (1.2.50-2+deb8u2) jessie-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Add patches to address CVE-2015-8472.
     CVE-2015-8472: Incomplete fix for callers on png_set_PLTE. (Closes: #807112)
   * Add CVE-2015-8540.patch patch.
     CVE-2015-8540: underflow read in png_check_keyword(). (Closes: #807694)
Checksums-Sha1: 
 9eb6758421f388efc66f8cc3f5b3faf2ec6936de 2036 libpng_1.2.50-2+deb8u2.dsc
 a272ff50e3a069b13c5bd1dc8ed17c65dfba7868 21496 libpng_1.2.50-2+deb8u2.debian.tar.xz
Checksums-Sha256: 
 ba814b51b9faaac1c0d1c3637013dd37facf87ea9e47348be423747f20f1fb9d 2036 libpng_1.2.50-2+deb8u2.dsc
 04b9bda0c27bc2d5628f8419e4674500b74d5cfc75219c5952c5c5b2de2f8106 21496 libpng_1.2.50-2+deb8u2.debian.tar.xz
Files: 
 11b559c29411e458d94d6d75bcab29cc 2036 libs optional libpng_1.2.50-2+deb8u2.dsc
 29f4114a09887deb5faf0c52d22fcf05 21496 libs optional libpng_1.2.50-2+deb8u2.debian.tar.xz

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJWjr9OAAoJEAVMuPMTQ89EiTUP/1G3xotqRbw9LPV2f63sZxtk
O9QwLQ3V3RWerf7EyStLnp9vAtHxiO6nMaau9nhFCICbv7s83qsikBzGVVSccJ9t
IL+zV8nn/PYxaF9ShGY6z45MyUVSw+uEvDOjdvPrS+R4kNAMsqrK515XTI801w+l
X/Cwbc/NR2QP6MQ5KXlLl7WGl8tRyZgCHCIOikwOi6EzcO4j4uy/TLaKamVjOsS9
FlYiwhq5EVH60h+XrcctWqSy3kNj7QiTdL0pX+xErAmpsNeNcYpz9h4muNZvKZeP
GFotAzftqURqoTSuxIuKqg6zADbeaGC1U5f0K73LdCcYWBhXwyalsSdcdh4QftL9
ENjoWbthg+yLWeJCEgkaBzeEOzwtEuYWum8nBPyr1zCQstizh7WdOb6QkwPTO16A
ULPOmYj2WQiyxZdA1el8aYpV9X7gTx51lTlL93NDLDNPQUSATJcYMDWX/NpFk3uK
tiKh6iSyBO9I3mh4tDsKdskzYCK134HpUkHX94JKZOqTomPi47YQ70aUuaP/vaHT
WyYEtQE5EhE07xYT2eJlh/IiQ6d3oeAunTGGnSsEbmQ2bej9cyWIiTmG//wSD6sO
crmj+1dwCPqYmeAX4WeThsrivgOPYKZOgEiUAlV2di569rr7DWg7SDQEuPjBr1dx
+0lkvIrceLrAKhpFvUWf
=ML86
-----END PGP SIGNATURE-----

News for package libpng