GNU bug report logs - #26009
libpng-apng

Previous Next

Package: guix-patches;

Reported by: ng0 <contact.ng0 <at> cryptolab.net>

Date: Tue, 7 Mar 2017 11:12:01 UTC

Severity: normal

Done: ng0 <contact.ng0 <at> cryptolab.net>

Bug is archived. No further changes may be made.

Full log

Message #20 received at 26009 <at> debbugs.gnu.org (full text, mbox):

From: ludo <at> gnu.org (Ludovic Courtès)
To: Kei Kebreau <kei <at> openmailbox.org>
Cc: 26009 <at> debbugs.gnu.org
Subject: Re: bug#26009: libpng-apng
Date: Mon, 13 Mar 2017 14:25:23 +0100

ng0 <contact.ng0 <at> cryptolab.net> skribis:

>> That said, please make sure the security issues fixed in ‘libpng/fixed’
>> are also fixed in libpng-apng!

[...]

> Do you have any advice how this could be achieved?

I’d check whether libpng-CVE-2016-10087.patch applies to libpng-apng
(it’s the patch that ‘libpng/fixed’ applies.)

Going forward, if the code bases are similar enough, we may have to add
a (cpe-name . "libpng") property to libpng-apng so that ‘guix lint -c
cve’ would report libpng’s vulnerabilities.

HTH!

Ludo’.
This bug report was last modified 8 years and 153 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.