Comment 8 for bug 185178

Attached is the debdiff (filterdiff -i '*/debian/*') from 1.2.15~beta5-3 to 1.2.27-1 (straight from debian, no other patches). Since there are a number of CVE fixes, it seems like a good candidate for a SRU.

Changelog:
libpng (1.2.27-1) unstable; urgency=low

  * New upstream release
  * Patches merged upstream:
    debian/patches/02-476669-CVE-2008-1382.diff
    debian/patches/03-404514-png.5.diff
  * Run ./autogen.sh

 -- Anibal Monsalve Salazar <email address hidden> Tue, 29 Apr 2008 17:22:16 +1000

libpng (1.2.26-1) unstable; urgency=high

  * New upstream release. Closes: #431202
  * Use quilt
    Add 01-legacy.diff
  * Fix CVE-2008-1382 denial of service and possibly code execution
    Add 02-476669-CVE-2008-1382.diff
    Closes: #476669
  * Fix URL in png.5. Closes: #404514
    Add 03-404514-png.5.diff
  * Move examples to libpng12-dev. Closes: #401467
  * Fix "libpng (<= 1.2.20) contains grey-licensed code". Closes: #469126
  * Fix the following lintian issues:
    W: libpng source: debian-rules-ignores-make-clean-error line 37
    W: libpng source: substvar-source-version-is-deprecated libpng12-dev
    W: libpng source: out-of-date-standards-version 3.7.2 (current is 3.7.3)
    W: libpng12-0-udeb udeb: description-contains-homepage
    W: libpng3: description-contains-homepage
    W: libpng12-dev: description-contains-homepage
    W: libpng12-0: package-contains-empty-directory usr/bin/
    W: libpng12-0: package-contains-empty-directory usr/sbin/
    W: libpng12-0: description-contains-homepage
    W: libpng12-0: doc-base-unknown-section libpng12:22 Apps/Programming

 -- Anibal Monsalve Salazar <email address hidden> Sun, 20 Apr 2008 18:22:32 +1000