This is the mail archive of the
cygwin-apps
mailing list for the Cygwin project.
Re: [SECURITY] libpng vulnerabilities
- From: Charles Wilson <cygwin at cwilson dot fastmail dot fm>
- To: Mailing List: CygWin-Apps <cygwin-apps at cygwin dot com>
- Date: Tue, 26 Jul 2011 15:48:12 -0400
- Subject: Re: [SECURITY] libpng vulnerabilities
- References: <1311709387.5672.10.camel@YAAKOV04>
- Reply-to: Charles Wilson <cygwin at cwilson dot fastmail dot fm>
On 7/26/2011 3:43 PM, Yaakov (Cygwin/X) wrote:
> Remedy:
> Update libpng10 to 1.0.55 (or just remove it, as nothing in the distro
> depends on it any more), libpng12 to 1.2.45, and libpng14 to 1.4.8.
Thanks for the headsup. I don't think I can get to this before tomorrow
night, tho.
General question: would it be acceptable to move libpng10 to obsolete
(removing libpng10-devel), and NOT update it -- rather than removing it
entirely?
--
Chuck