[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#26009: libpng-apng
|
From: |
Kei Kebreau |
|
Subject: |
bug#26009: libpng-apng |
|
Date: |
Tue, 14 Mar 2017 13:24:22 -0400 |
|
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/25.1 (gnu/linux) |
address@hidden (Ludovic Courtès) writes:
> ng0 <address@hidden> skribis:
>
>>> That said, please make sure the security issues fixed in ‘libpng/fixed’
>>> are also fixed in libpng-apng!
>
> [...]
>
>> Do you have any advice how this could be achieved?
>
> I’d check whether libpng-CVE-2016-10087.patch applies to libpng-apng
> (it’s the patch that ‘libpng/fixed’ applies.)
>
> Going forward, if the code bases are similar enough, we may have to add
> a (cpe-name . "libpng") property to libpng-apng so that ‘guix lint -c
> cve’ would report libpng’s vulnerabilities.
>
> HTH!
>
> Ludo’.
Those tips helped quite a bit! Libpng-apng now builds reproducibly. Now
the only issues are the CVE patch name not beginning with "libpng-apng"
and the sourceforge URL using "*.sourceforge.net/project" instead of
"*.sourceforge.net/projects" (this detail leads to a 404 Error while linting).
signature.asc
Description: PGP signature
- bug#26009: libpng-apng, ng0, 2017/03/07
- bug#26009: libpng-apng, Kei Kebreau, 2017/03/12
- bug#26009: libpng-apng, ng0, 2017/03/13
- bug#26009: libpng-apng, Ludovic Courtès, 2017/03/13
- bug#26009: libpng-apng, ng0, 2017/03/13
- bug#26009: libpng-apng, Ludovic Courtès, 2017/03/13
- bug#26009: libpng-apng,
Kei Kebreau <=
- bug#26009: libpng-apng, Ludovic Courtès, 2017/03/14
- bug#26009: libpng-apng, Kei Kebreau, 2017/03/14
- bug#26009: libpng-apng, ng0, 2017/03/15
- bug#26009: libpng-apng, Kei Kebreau, 2017/03/15
- bug#26009: libpng-apng, Ludovic Courtès, 2017/03/16
- bug#26009: libpng-apng, Kei Kebreau, 2017/03/16
- bug#26009: libpng-apng, ng0, 2017/03/16
- bug#26009: libpng-apng, Kei Kebreau, 2017/03/17
- bug#26009: libpng-apng, ng0, 2017/03/23