You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@harmony.apache.org by Mark Hindess <ma...@googlemail.com> on 2010/07/07 21:57:58 UTC
[security] Vulnerabilities in libpng in milestone releases
I've updated the libpng dependency from version 1.4.1 to 1.4.3 in commit
r959412. The 1.4.1 release contains some vulnerabilities described at:
http://www.libpng.org/pub/png/libpng.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1205
These problems will affect our windows milestone releases. These are
development milestones but anyone using them in production should
consider updating the awt and imageio dlls.
Regards,
Mark.