You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@harmony.apache.org by Mark Hindess <ma...@googlemail.com> on 2010/07/07 21:57:58 UTC

[security] Vulnerabilities in libpng in milestone releases

I've updated the libpng dependency from version 1.4.1 to 1.4.3 in commit
r959412.  The 1.4.1 release contains some vulnerabilities described at:

  http://www.libpng.org/pub/png/libpng.html
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1205

These problems will affect our windows milestone releases.  These are
development milestones but anyone using them in production should
consider updating the awt and imageio dlls.

Regards,
 Mark.