[Pkg-phototools-devel] Wheezy update of pngquant?

Emilio Pozuelo Monfort pochu at debian.org
Wed May 31 07:42:37 UTC 2017


Hi Andreas,

On 31/05/17 08:31, Andreas Tille wrote:
> Hi Raphael,
> 
> thanks for working on Debian LTS.
> 
> On Thu, May 25, 2017 at 01:02:27PM +0200, Raphael Hertzog wrote:
>>
>> The Debian LTS team would like to fix the security issues which are
>> currently open in the Wheezy version of pngquant:
>> https://security-tracker.debian.org/tracker/CVE-2016-5735
>>
>> Would you like to take care of this yourself?
>>
>> If yes, please follow the workflow we have defined here:
>> https://wiki.debian.org/LTS/Development
>>
>> If that workflow is a burden to you, feel free to just prepare an
>> updated source package and send it to debian-lts at lists.debian.org
>> (via a debdiff, or with a URL pointing to the source package,
>> or even with a pointer to your packaging repository), and the members
>> of the LTS team will take care of the rest. Indicate clearly whether you
>> have tested the updated package or not.
> 
> I admit pngquant is too unimportant a package for me to schedule extra
> time for this.
>  
>> If you don't want to take care of this update, it's not a problem, we
>> will do our best with your package. Just let us know whether you would
>> like to review and/or test the updated package before it gets released.
>>
>> You can also opt-out from receiving future similar emails in your
>> answer and then the LTS Team will take care of pngquant updates
>> for the LTS releases.
> 
> I do not want to opt-out in general but please do not expect any action
> from my side for this specific package.

No worries. I already updated pngquant in wheezy. I also found another possible
buffer overflow and reported it upstream, but it's not confirmed yet (and I
don't have a test case to confirm it).

BTW if you can fix this in sid that'd be nice. Or if you're too busy I can fix
it for you there. The fix is pretty simple:

https://github.com/pornel/pngquant/commit/b7c217680cda02dddced245d237ebe8c383be285

Cheers,
Emilio


