A vulnerability has been reported in Irrlicht, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to the use of vulnerable libpng code. The vulnerability is reported in versions prior to 1.3.1.
Version 1.3.1 is already in the tree. Games, is this version ready to go stable? Or is there a good reason why it isn't stable yet (even 1.3 is in the tree for 4 months now, without any bugs)? Please advise.
I don't think we're affected by this because all of the versions in the tree are built without the bundled jpeg, zlib and libpng.
i would close it as INVALID, as Tristan says that the gentoo versions don't use the vulnerable code. Furthermore the relevance of that bug is questionable, since we don't handle client-side DoS, and i'm not sure a DoS could be triggered on a server here. Feel free to reopen if you have clue that we're affected and a server using this engine could be remotely crashed.
