Hei hei, there are two vulnerabilities in libpng fixed with the versions released today [1]: CVE-2015-7981, CVE-2015-8126. ptxdist is still on 1.2.50, however there's a version 1.2.54 in that branch fixing the issues.
I had a quick look into the differences and stumbled over the patch coming with ptxdist regarding sysroot handling. It links to a discussion on sourceforge leading to a 404 now, which actually moved to https://sourceforge.net/p/libpng/feature-requests/17/ – I see no solution there, but 1.2.54 has a new parameter for ./configure named --with-sysroot[=DIR] which probably makes the patch obsolete. Maybe someone has time for looking into this, should be not too hard to update to 1.2.54. I would have done, but I'm not sure how to use the --with-sysroot option in rules/libpng.make … O:-) Greets Alex [1] http://www.heise.de/security/meldung/Programmbibliothek-libpng-verlangt-nach-Sicherheitsupdates-2922089.html -- »With the first link, the chain is forged. The first speech censured, the first thought forbidden, the first freedom denied, chains us all irrevocably.« (Jean-Luc Picard, quoting Judge Aaron Satie) *** GnuPG-FP: 02C8 A590 7FE5 CA5F 3601 D1D5 8FBA 7744 CC87 10D0 *** _______________________________________________ ptxdist mailing list ptxdist@pengutronix.de
