This is the mail archive of the
cygwin-apps
mailing list for the Cygwin project.
[SECURITY] libpng vulnerabilities
- From: "Yaakov (Cygwin/X)" <yselkowitz at users dot sourceforge dot net>
- To: cygwin-apps <cygwin-apps at cygwin dot com>
- Date: Tue, 26 Jul 2011 14:43:04 -0500
- Subject: [SECURITY] libpng vulnerabilities
Chuck,
All versions of libpng have recently announced security vulnerabilities:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2690
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2691
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2692
Remedy:
Update libpng10 to 1.0.55 (or just remove it, as nothing in the distro
depends on it any more), libpng12 to 1.2.45, and libpng14 to 1.4.8.
Thanks,
Yaakov