On Sun, Jul 24, 2011 at 06:08:49PM +0300, Henri Salo wrote:
> On Sun, Jul 24, 2011 at 04:54:41PM +0200, Moritz Mühlenhoff wrote:
> > Henri Salo <[email protected]> wrote:
> > > There are two open vulnerabilities in libpng 1.2.27-2+lenny4 as you can
> > > see from:
> > >
> > > http://security-tracker.debian.org/tracker/source-package/libpng
> > >
> > > The issues I am concerned about are CVE-2006-7244 and CVE-2009-5063.
> > > Notes of the issues are: "package libpng is vulnerable; however, the
> > > security impact is unimportant.", but I think these aren't unimportant as
> > > you can see from here:
> > >
> > > http://www.openwall.com/lists/oss-security/2011/03/22/7
> > > http://www.openwall.com/lists/oss-security/2011/03/28/6
> > >
> > > Is there a plan to fix these issues? Should I create a bug-report?
> >
> > It's fixed already since 1.2.39-1 for both issues.
> >
> > Cheers,
> > Moritz
>
> Well the tracker says the status for both CVEs is vulnerable. Please note
> that I am talking about oldstable.

It's not treated as a security issue for Debian, so we won't backport
it to oldstable.

Cheers,
Moritz