On Thu, 2020-03-26 at 02:36 +0000, Anuj Mittal wrote: > This patch has not yet been merged upstream and upstream has disputed > the security impact of this CVE. So I am not sure if we should take > this. > > https://github.com/glennrp/libpng/issues/269 > > Has any distro taken this?
I did also read into the CVE and yes, it is quite questionable. I'm leaning towards not taking it if upstream aren't interested. Cheers, Richard
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#136748): https://lists.openembedded.org/g/openembedded-core/message/136748 Mute This Topic: https://lists.openembedded.org/mt/72504278/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
