It also contains libpng version, not sure how vulnerable that is but still I'd guess a bit.
So we're currently installing code for NetBSD, OSX and Windows on Linux boxes (not so good) and it also bundles a copy of tkimg (which in turn bundles jpeg, tiff, and so on). José, can you at least give a nod to this bug or should we consider this ignoring all kinds of policies?
Hello! The new version of the Coccinella ebuild (for 0.96.18) removes some bundled stuff. TkImg and TkPng are among them. By the way, it is very easy to remove (or just not install) the code for NetBSD, OS X and Windows during install. For example, by adding these lines to the .ebuild:

    rm -R "${S}"/bin/unix/NetBSD
    rm -R "${S}"/bin/windows
    rm -R "${S}"/bin/macosx

before copying the files from the source directory into the final location. I'm not sure I'm right, but this is just what came to my mind. :) I hope this is a sane thought and will help.

Regards, Vladimir.
What is the status of this with 0.96.18 version?
+*coccinella-0.96.20 (20 Mar 2012) + + 20 Mar 2012; Pacho Ramos <pacho@gentoo.org> +coccinella-0.96.20.ebuild, + -coccinella-0.96.18.ebuild, -files/97coccinella: + Version bump (#408273 by Vladimir), remove old. +
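Review bot: the entry text "Version bump (#408273 by Vladimir), remove old." does not say why files/97coccinella is dropped, or whether 0.96.20 still installs the bundled tkimg and libpng copies raised earlier in this bug. A short clause naming what was unbundled or removed at install time would let someone reading the ChangeLog tell whether this bump addresses the bundled-library concern.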