[Secure-testing-team] [Secure-testing-commits] r12708 - data/CVE
Moritz Muehlenhoff
jmm at inutil.org
Sun Aug 30 17:57:47 UTC 2009
On Sun, Aug 30, 2009 at 05:09:16PM +0000, Michael Gilbert wrote:
> Author: gilbert-guest
> Date: 2009-08-30 17:09:16 +0000 (Sun, 30 Aug 2009)
> New Revision: 12708
>
> Modified:
> data/CVE/list
> Log:
> beginning of embedded code copies triage (5 down 395 to go)
>
> + - xulrunner <unfixed>
> + NOTE: libpng code copy present in xulrunner [./modules/libimg/png/*] and possibly [./gfx/cairo/cairo/*]
You should check whether the code is actually compiled in.
xulrunner links dynamically against libpng, so it is not affected.
There's no reason to track such embeddings in the security tracker,
since it's very common that the source packages still contain the
local code copies even if they're not used anymore.
Cheers,
Moritz
More information about the Secure-testing-team
mailing list