Package: release.debian.org
Severity: normal
User: release.debian....@packages.debian.org
Usertags: freeze-exception

unblock libpng/1.2.49-2

Please unblock libpng (with udeb binary package).

Upstream released libpng 1.2.50 to fix CVE-2012-3386 recently. I
extracted the relevant change. The debdiff is below.

debdiff libpng_1.2.49-1.dsc libpng_1.2.49-2.dsc
diff -Nru libpng-1.2.49/debian/changelog libpng-1.2.49/debian/changelog
--- libpng-1.2.49/debian/changelog      2012-04-09 12:14:09.000000000 +1000
+++ libpng-1.2.49/debian/changelog      2012-07-13 12:33:03.000000000 +1000
@@ -1,3 +1,11 @@
+libpng (1.2.49-2) unstable; urgency=high
+
+  * Change "a+w" to "u+w" in Makefile.in to fix CVE-2012-3386
+    Add 02-681408-CVE-2012-3386-Makefile.in.patch
+    Closes: #681408
+
+ -- Anibal Monsalve Salazar <ani...@debian.org>  Fri, 13 Jul 2012 12:31:39 
+1000
+
 libpng (1.2.49-1) unstable; urgency=high
 
   * New upstream version 1.2.49
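Review bot: The entry `Change "a+w" to "u+w" in Makefile.in to fix CVE-2012-3386` does not say which rule is touched or what the exposure was. The patch it adds changes only the chmod in the distcheck target, so naming that target, and stating that $(distdir) was being made writable by all users there, would let a reader judge the scope behind urgency=high without opening the patch.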
diff -Nru 
libpng-1.2.49/debian/patches/02-681408-CVE-2012-3386-Makefile.in.patch 
libpng-1.2.49/debian/patches/02-681408-CVE-2012-3386-Makefile.in.patch
--- libpng-1.2.49/debian/patches/02-681408-CVE-2012-3386-Makefile.in.patch      
1970-01-01 10:00:00.000000000 +1000
+++ libpng-1.2.49/debian/patches/02-681408-CVE-2012-3386-Makefile.in.patch      
2012-07-13 12:30:58.000000000 +1000
@@ -0,0 +1,18 @@
+http://bugs.debian.org/681408
+http://security-tracker.debian.org/tracker/CVE-2012-3386
+https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-3386
+
+Change "a+w" to "u+w" in Makefile.in to fix CVE-2012-3386
+
+diff -urNp libpng-1.2.49/Makefile.in libpng-1.2.50/Makefile.in
+--- a/Makefile.in      2012-03-29 15:47:09.000000000 +1100
++++ b/Makefile.in      2012-07-10 10:37:13.000000000 +1000
+@@ -1146,7 +1146,7 @@ distcheck: dist
+       *.zip*) \
+         unzip $(distdir).zip ;;\
+       esac
+-      chmod -R a-w $(distdir); chmod a+w $(distdir)
++      chmod -R a-w $(distdir); chmod u+w $(distdir)
+       mkdir $(distdir)/_build
+       mkdir $(distdir)/_inst
+       chmod a-w $(distdir)
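Review bot: The fix at `chmod u+w $(distdir)` is applied to Makefile.in only. Makefile.in is normally generated by automake, so the change holds only as long as the package build does not regenerate it with a tool that still emits `chmod a+w $(distdir)` in the distcheck rule. It is worth confirming that the build uses the shipped Makefile.in as-is, or saying in the patch header what regeneration would require. The header would also be easier to track with DEP-3 fields (Description, Origin, Bug-Debian) in place of the three bare URLs.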
diff -Nru libpng-1.2.49/debian/patches/series 
libpng-1.2.49/debian/patches/series
--- libpng-1.2.49/debian/patches/series 2012-04-09 12:07:32.000000000 +1000
+++ libpng-1.2.49/debian/patches/series 2012-07-13 12:33:17.000000000 +1000
@@ -1 +1,2 @@
 01-legacy.patch
+02-681408-CVE-2012-3386-Makefile.in.patch


