-
-
Notifications
You must be signed in to change notification settings - Fork 490
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Upgrade libpng to 1.6.37 (fixes vulnerability) #30564
Comments
Author: Matthias Koeppe |
Commit: |
This comment has been minimized.
This comment has been minimized.
comment:4
lgtm |
Reviewer: Dima Pasechnik |
comment:5
Thanks! |
Changed branch from u/mkoeppe/upgrade_libpng_to_1_6_37__fixes_vulnerability_ to |
comment:7
|
Changed commit from |
comment:8
hmm, libpng installs an unversioned |
comment:10
Moving to 9.4, as 9.3 has been released. |
Removed branch from ticket description; replaced by PR #38522. |
<!-- ^ Please provide a concise and informative title. --> <!-- ^ Don't put issue numbers in the title, do this in the PR description below. --> <!-- ^ For example, instead of "Fixes sagemath#12345" use "Introduce new method to calculate 1 + 2". --> <!-- v Describe your changes below in detail. --> <!-- v Why is this change required? What problem does it solve? --> <!-- v If this PR resolves an open issue, please link to it here. For example, "Fixes sagemath#12345". --> Rebased and updated from sagemath#30564. Fixes sagemath#30564 ### 📝 Checklist <!-- Put an `x` in all the boxes that apply. --> - [x] The title is concise and informative. - [ ] The description explains in detail what this PR is about. - [x] I have linked a relevant issue or discussion. - [ ] I have created tests covering the changes. - [ ] I have updated the documentation and checked the documentation preview. ### ⌛ Dependencies <!-- List all open PRs that this PR logically depends on. For example, --> <!-- - sagemath#12345: short description why this is a dependency --> <!-- - sagemath#34567: ... --> URL: sagemath#38522 Reported by: Matthias Köppe Reviewer(s): Kwankyu Lee
<!-- ^ Please provide a concise and informative title. --> <!-- ^ Don't put issue numbers in the title, do this in the PR description below. --> <!-- ^ For example, instead of "Fixes sagemath#12345" use "Introduce new method to calculate 1 + 2". --> <!-- v Describe your changes below in detail. --> <!-- v Why is this change required? What problem does it solve? --> <!-- v If this PR resolves an open issue, please link to it here. For example, "Fixes sagemath#12345". --> Rebased and updated from sagemath#30564. Fixes sagemath#30564 ### 📝 Checklist <!-- Put an `x` in all the boxes that apply. --> - [x] The title is concise and informative. - [ ] The description explains in detail what this PR is about. - [x] I have linked a relevant issue or discussion. - [ ] I have created tests covering the changes. - [ ] I have updated the documentation and checked the documentation preview. ### ⌛ Dependencies <!-- List all open PRs that this PR logically depends on. For example, --> <!-- - sagemath#12345: short description why this is a dependency --> <!-- - sagemath#34567: ... --> URL: sagemath#38522 Reported by: Matthias Köppe Reviewer(s): Kwankyu Lee
The libpng homepage warns:
Before this ticket we have libpng 1.6.29 which
has the vulnerability. This ticket upgrades to
libpng 1.6.37 which fixes it.
Previous update: #22159 (1.6.29)
Tarball: see checksums.ini
CC: @jpflori @frederichan-IMJPRG @tscrim @slel @dimpase
Component: packages: standard
Author: Matthias Koeppe
Reviewer: Dima Pasechnik
Issue created by migration from https://trac.sagemath.org/ticket/30564
The text was updated successfully, but these errors were encountered: