current app-emulation/emul-linux-x86-baselibs contains media-libs/libpng-1.2.12, therefore affected by bug 154380
amd64, pls provide an updated ebuild (don't forget about the other security bugs open for even more app-emulation/... packages)
fixed in emul-linux-x86-baselibs-2.5.4
Thx Olivier, please don't close security bugs. Security, time for GLSA decision. (Is A rating correct?)
guess this should be B3 and not A3 We did a GLSA on the original bug, so I tend to vote yes (a tiny little yes vote only though). Could be a really short GLSA mainly referencing the original, since the issue itself really is not a big one.
½ yes vote from me as well.
1. Its not stable yet. Don't you want to wait until its stable to issue a GLSA? 2. Do you want to wait for openssl to be updated before issuing a combined GLSA ?
Thx for the note Olivier. I misunderstood your comment #2 to say that it was stable. Back to stable marking for now.
It was marked stable Dec 7. Sorry no one mentioned it here...
Thx for the update dang. This one is ready for GLSA vote. I tend to vote YES.
a crash on applications using the libpng code? without more severe impact, i vote noglsa.
there was GLSA 200612-11 about the openssl issue already, so we could just drop this if voted against or update that glsa with info about libpng /me tends to vote no
This was minor in the first case. Reverting to
This was minor in the first case. Reverting to ½ NO and closing.