On Sat, Jan 09, 2016 at 07:45:43PM -0000, Andre Robatino wrote: > I think you're looking at the wrong time period. libpng-1.6.19-1.fc23 > went to stable on 2015-11-23 (see > https://bodhi.fedoraproject.org/updates/FEDORA-2015-9199a1bfe1 ). At > this time, 1.6.17-3 had already been pushed to testing and was just > sitting there. Then it was submitted for stable on 2016-01-06 and went > to stable on 2016-01-07 (see > https://bodhi.fedoraproject.org/updates/FEDORA-2015-4ad4998d00 ), > downgrading the newer version. To make things even more exciting in a changelog on koji one can find these: .... * Wed Nov 18 2015 Petr Hracek <phracek@xxxxxxxxxx> - 2:1.6.17-4 - Security fix for CVE-2015-8126 (#1281757, #1281756). Proper patch * Wed Nov 18 2015 Petr Hracek <phracek@xxxxxxxxxx> - 2:1.6.17-3 - Security fix for CVE-2015-8126 (#1281757, #1281756). .... On a face value of this an "unproper" fix went to bodhi. If the current libpng-1.6.19 required any fixes at all it is not clear. Michal -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: http://lists.fedoraproject.org/admin/lists/test@xxxxxxxxxxxxxxxxxxxxxxx
