libpng vulnerability, why does gnome2 depend on libpng2 and not libpng3?
"Versions of libpng prior to 1.2.4 and 1.0.14 have a buffer overflow
vulnerability that could lead to remote code execution."
After I read about the libpng vulnerability
(http://lwn.net/Articles/5017/), I routinely checked for the version in
Debian sid:
ii libpng2 1.0.12-3 PNG library - runtime
ii libpng2-dev 1.0.12-3 PNG library - development
ii libpng3 1.2.1-1.1 PNG library - runtime
un libpng3-dev <keine> (keine Beschreibung vorhanden)
Then I decided to do an apt-get install libpng3-dev, and the result
shocked me:
Note, selecting libpng-dev instead of libpng3-dev
The following extra packages will be installed:
libdirectfb-dev libpng-dev
The following packages will be REMOVED:
clanlib-dev gdk-imlib-dev libbonobo-dev libbonoboui2-dev libcapplet-dev
libeel2-dev libgail-dev libgal2-0-dev libgdk-pixbuf-gnome-dev
libglade-bonobo0-dev libglade-gnome0-dev libglade2-dev
libgnome-desktop-dev
libgnome-dev libgnomecanvas2-dev libgnomedb2-dev libgnomemm-dev
libgnomeprint-dev libgnomeprintui-dev libgnomeui-dev libgtk2.0-dev
libgtkhtml2-dev libgtop2-dev libmagick++5-dev libmagick5-dev
libnautilus2-dev libpng2-dev librsvg2-dev libwmf-dev libwnck-dev
libzvt2-dev
The following NEW packages will be installed:
libpng-dev
1 packages upgraded, 1 newly installed, 31 to remove and 0 not upgraded.
Is there a reason to stay with the old branch? Or is this due to the lag
of the ppc tree?
Christof