Debian Package Tracker

From: Antoine Beaupré <anarcat@debian.org>
To: <dispatch@tracker.debian.org> , <debian-lts-changes@lists.debian.org>
Subject: Accepted optipng 0.6.4-1+deb7u4 (source amd64) into oldoldstable
Date: Thu, 30 Nov 2017 18:50:12 +0000

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Thu, 30 Nov 2017 13:26:28 -0500
Source: optipng
Binary: optipng
Architecture: source amd64
Version: 0.6.4-1+deb7u4
Distribution: wheezy-security
Urgency: medium
Maintainer: Nelson A. de Oliveira <naoliv@debian.org>
Changed-By: Antoine Beaupré <anarcat@debian.org>
Description:
 optipng    - advanced PNG (Portable Network Graphics) optimizer
Closes: 878839
Changes:
 optipng (0.6.4-1+deb7u4) wheezy-security; urgency=medium
 .
   * Non-maintainer upload by the LTS Security Team.
   * CVE-2017-16938: A global buffer overflow in OptiPNG 0.7.6 allows
     remote attackers to cause a denial-of-service attack or other
     unspecified impact with a maliciously crafted GIF format file, related
     to an uncontrolled loop in the LZWReadByte function of the gifread.c
     file. (Closes: #878839)
Checksums-Sha1:
 1dfd7cf42cc49aede0cbda62891d4b335a91fa00 1422 optipng_0.6.4-1+deb7u4.dsc
 1a67e64ced73eb3513102c7c95cd31716fa51c98 6542 optipng_0.6.4-1+deb7u4.debian.tar.bz2
 4c39f31acdf7b39c48be863ee2c1a21ed6d4d3cf 90290 optipng_0.6.4-1+deb7u4_amd64.deb
Checksums-Sha256:
 70a9b215f9a4ed8980498117ac5b771beddc21caea5bee6bb5fd40784e577aaf 1422 optipng_0.6.4-1+deb7u4.dsc
 3cc24f2b55f3c899e34dd2c616a3001f180829e6749b417a588c5c3068b56458 6542 optipng_0.6.4-1+deb7u4.debian.tar.bz2
 acd7c04267b3c71e5d815fae1f27c16bab06fd1cae1c9ea6367e3c01523c6ff2 90290 optipng_0.6.4-1+deb7u4_amd64.deb
Files:
 525507f6a1dcaab20d35af042dc59f5c 1422 graphics optional optipng_0.6.4-1+deb7u4.dsc
 d18e440df4557ad0d999f3ec648f6310 6542 graphics optional optipng_0.6.4-1+deb7u4.debian.tar.bz2
 6741bb94fdee460c95950e722b30d04b 90290 graphics optional optipng_0.6.4-1+deb7u4_amd64.deb

-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEEexZCBNCWcjsBljWrPqHd3bJh2XsFAlogTioACgkQPqHd3bJh
2XvWIQf+M2jy7Jb5AmKKx0oo0gTgmOBG4dk2Uxz2q6jXLyyXv3pxjCNhMJ6C6RAh
KGC9XNeKtcCe7XzaA0YEE4pfZVqCLRKpcM9dOJ9wm6fi75gwYT7S3eGbFZH+yHpq
kymeWAgEQH0khfkr2Wl5qlNkRgPxsXyan2zmB82Dv0oExHyTpQmlZUfaT/ECChIz
m82x8QCfvky3e4qt/fVoHrNINM3ReKDyIkqAxfpdYdoboan9iq+/90atpBt5YoZN
fXsyUinQXR/4b/6NIEPrfU9d2TdgQw7j204U1RWoMV46+dB91rdFz9bwFxFPXNtj
Tn76zmqxcKfVzuvorgGAyvhi4la+Tg==
=08u6
-----END PGP SIGNATURE-----

News for package optipng