GLSA 201010-01 contains: <vulnerable range="lt">1.4.3</vulnerable> Bug 335887 suggests that libpng 1.2.44 is not vulnerable. Either the GLSA should be fixed, or 1.2.44 should be masked. Reproducible: Always
This seems to have been fixed for some versions, but now the latest 1.2 version (1.2.51) is not listed. Maybe there should be better support for ranges?
Created attachment 378062 [details, diff] Suggested fix to glsa This got rid of the (false) glsa warning on my setup
Thanks guys, fixes commited