On Sun, Jul 24, 2011 at 04:54:41PM +0200, Moritz Mühlenhoff wrote: > Henri Salo <[email protected]> schrieb: > > There is two open vulnerabilities in libpng 1.2.27-2+lenny4 as you can see > > from: > > > > http://security-tracker.debian.org/tracker/source-package/libpng > > > > The issues I am concerned about are CVE-2006-7244 and CVE-2009-5063. Notes > > of the issues are: "package libpng is vulnerable; however, the security > > impact is unimportant.", but I think these aren't unimportant as you can > > see from here: > > > > http://www.openwall.com/lists/oss-security/2011/03/22/7 > > http://www.openwall.com/lists/oss-security/2011/03/28/6 > > > > Is there a plan to fix these issues? Should I create a bug-report? > > It's fixed already since 1.2.39-1 for both issues. > > Cheers, > Moritz
Well the tracker says the status for both CVEs is vulnerable. Please note that I am talking about oldstable. Best regards, Henri Salo -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: http://lists.debian.org/[email protected]
