Henri Salo wrote: > There is two open vulnerabilities in libpng 1.2.27-2+lenny4 as you can see > from: > > http://security-tracker.debian.org/tracker/source-package/libpng > > The issues I am concerned about are CVE-2006-7244 and CVE-2009-5063. Notes of > the issues are: "package libpng is vulnerable; however, the security impact > is unimportant.", but I think these aren't unimportant as you can see from > here: > > http://www.openwall.com/lists/oss-security/2011/03/22/7 > http://www.openwall.com/lists/oss-security/2011/03/28/6 > > Is there a plan to fix these issues? Should I create a bug-report?
The CVE entries describe these issues as denial-of-services, which can be chosen to be considered unimportant. Do you have information that the problem is actually more severe than that? If you really want to fix this, you can prepare an ospu and send it to debian-release@l.d.o for review for lenny's next stable update. Best wishes, Mike -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20110724140306.2b4341292820cea9055fd...@gmail.com
