mailarchive of the ptxdist mailing list
 help / color / mirror / Atom feed
* [ptxdist] libpng security update
@ 2015-11-16 12:54 Alexander Dahl
  0 siblings, 0 replies; only message in thread
From: Alexander Dahl @ 2015-11-16 12:54 UTC (permalink / raw)
  To: PTXdist Developer Mailinglist

Hei hei, 

there are two vulnerabilities in libpng fixed with the versions released
today [1]: CVE-2015-7981, CVE-2015-8126. ptxdist is still on 1.2.50,
however there's a version 1.2.54 in that branch fixing the issues. 

I had a quick look into the differences and stumbled over the patch
coming with ptxdist regarding sysroot handling. It links to a discussion
on sourceforge leading to a 404 now, which actually moved to
https://sourceforge.net/p/libpng/feature-requests/17/ – I see no
solution there, but 1.2.54 has a new parameter for ./configure named
--with-sysroot[=DIR] which probably makes the patch obsolete.

Maybe someone has time for looking into this, should be not too hard to
update to 1.2.54. I would have done, but I'm not sure how to use the
--with-sysroot option in rules/libpng.make … O:-)

Greets
Alex

[1]
http://www.heise.de/security/meldung/Programmbibliothek-libpng-verlangt-nach-Sicherheitsupdates-2922089.html

-- 
»With the first link, the chain is forged. The first speech censured,
the first thought forbidden, the first freedom denied, chains us all
irrevocably.« (Jean-Luc Picard, quoting Judge Aaron Satie)
*** GnuPG-FP: 02C8 A590 7FE5 CA5F 3601  D1D5 8FBA 7744 CC87 10D0 ***

_______________________________________________
ptxdist mailing list
ptxdist@pengutronix.de

^ permalink raw reply	[flat|nested] only message in thread

only message in thread, other threads:[~2015-11-16 12:54 UTC | newest]

Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2015-11-16 12:54 [ptxdist] libpng security update Alexander Dahl

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox