> > The core maintainer of libpng did not respond for a month to another
> > security related bug:
> >
> > https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=211705
> >
> > According to the reporter it describes a bug that is now already nearly 5
> > months known. Please do something now to fix this,
>

I'm going to presume you're claiming that since Fedora Core doesn't have the latest libpng, it's vulnerable to the issues fixed in the upstream new version.

libpng in Fedora Core has all relevant security issues backported into it. CVE-2006-5793 is not currently fixed, but I suspect we won't be fixing it as it's simply a client crash and should not have been called a security issue in the first place. Even if we do consider it a security flaw, it represents an extremely low severity flaw.

If you have concerns regarding a specific issue, feel free to bring that up, but bug 211705 in no way represents a security flaw.

--
JB

--
Fedora-security-list mailing list
Fedora-security-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-security-list