#23 Dependent libraries not current

closed-invalid
nobody
None
5
2011-01-31
2010-07-22
quanta
No

The zlib and libpng included with current version of OptiPNG are not current, which contain critical vulnerability that are repaired by the latest respective libraries.

Discussion

  • Cosmin Truta
    Cosmin Truta
    2011-01-31

    The last release already has the updated libraries, although, strictly speaking, this does not constitute a "fix".

    As a general rule, if the vulnerabilities of the supporting libraries do not affect OptiPNG (e.g. if there is a vulnerability in handling of a chunk that is not processed by OptiPNG), there is no stringent need to update.

     
  • Cosmin Truta
    Cosmin Truta
    2011-01-31

    • status: open --> closed-invalid