Comment 1 Alex Legler (RETIRED) 2009-06-07 21:10:26 UTC

megapov is at least affected by CVE-2008-5709 (c.f. bug 255231).
For susceptibility to CVE-2008-5907, only 2 out of 3 needed requirements are met.

I didn't check for other issues, but the one hit is enough for me to take action:

Graphics, can you rip out libpng? If not, as upstream development seems to have stopped and no package RDPENEDS on it, we'd have to consider megapov as a candidate for removal.

Comment 2 Alex Legler (RETIRED) 2009-06-23 23:41:36 UTC

No response from maintainers.
Treecleaners, please proceed to last rites.

Comment 3 Jeremy Olexa (darkside) (RETIRED) 2009-07-03 16:21:22 UTC

# Jeremy Olexa <darkside@gentoo.org> (3 Jul 2009)
# Security issue, dead upstream. Removal in 60 days, bug 273105
media-gfx/megapov

Comment 4 Jeremy Olexa (darkside) (RETIRED) 2009-09-04 01:45:40 UTC

removed from tree, security team: all yours.

Comment 5 Stefan Behte (RETIRED) 2009-11-07 01:47:38 UTC

libpng was rated B2 in bug #255231

Comment 6 Alex Legler (RETIRED) 2009-11-07 08:58:26 UTC

megapov was never stable from what I see. → noglsa