#23 Dependent libraries not current

closed-invalid
nobody
None
5
2011-01-31
2010-07-22
quanta
No

The zlib and libpng included with current version of OptiPNG are not current, which contain critical vulnerability that are repaired by the latest respective libraries.

Discussion

  • Cosmin Truta

    Cosmin Truta - 2011-01-31

    The last release already has the updated libraries, although, strictly speaking, this does not constitute a "fix".

    As a general rule, if the vulnerabilities of the supporting libraries do not affect OptiPNG (e.g. if there is a vulnerability in handling of a chunk that is not processed by OptiPNG), there is no stringent need to update.

     
  • Cosmin Truta

    Cosmin Truta - 2011-01-31
    • status: open --> closed-invalid
     

Log in to post a comment.

Get latest updates about Open Source Projects, Conferences and News.

Sign up for the SourceForge newsletter:

JavaScript is required for this form.





No, thanks