On 6/29/06, Frank Küster
the libpng-version we use has a security problem which is fixed in a
I think they are treated as a security issue if they allow a DoS attack or executing malicious code etc. It doesn't sound friendlier to me at all. A normal bug should be fixed, yes; but it doesn't make sense to backport all fixes for bugs found so far into a stable release. If it's a security issue, it generally makes sense.
In this particular case, I don't know about the impact of the problem, and I personally don't care since we (Debian) compile --with-system-pnglib and therefore get the update automatically.
Most Linux distributions will compile using "--with-system-pnglib" anyway.
In Fedora Core 4 I see:
$ ldd /usr/bin/pdfetex | grep libpng
libpng12.so.0 => /usr/lib/libpng12.so.0
People who need to worry about security shouldn't rely on the pdftex
developers to provide new binaries.
--
George N. White III
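
The `ldd` check shown in the message, extended into an added example (not part of the original e-mail or of pdftex): it classifies how a binary obtains libpng, so binaries that will not pick up a distribution's libpng update can be identified. The function names `png_linkage` and `audit_png` and the sample `ldd` output are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify libpng linkage from `ldd` output read on stdin.
#   shared <soname> <path> : resolved by the dynamic loader, so a system
#                            libpng update reaches this binary
#   missing <soname>       : dynamically linked, but the library is not found
#   none                   : no libpng among the dynamic dependencies; the
#                            binary either does not use libpng or carries its
#                            own copy (built without --with-system-pnglib)
#                            and needs a rebuild to receive a fix
png_linkage() {
    awk '
        $1 ~ /^libpng/ && $2 == "=>" {
            if ($3 == "not") print "missing", $1
            else             print "shared", $1, $3
            found = 1
        }
        END { if (!found) print "none" }
    '
}

# Run the classification over every binary given as an argument.
audit_png() {
    for bin in "$@"; do
        printf '%s: ' "$bin"
        ldd "$bin" 2>/dev/null | png_linkage
    done
}

# Constructed sample of ldd output (addresses are made up).
SAMPLE_LDD='    libpng12.so.0 => /usr/lib/libpng12.so.0 (0x00b5e000)
    libz.so.1 => /usr/lib/libz.so.1 (0x00a3c000)
    libc.so.6 => /lib/libc.so.6 (0x0089a000)'

# Demo on the constructed sample, then on any real paths passed in.
printf '%s\n' "$SAMPLE_LDD" | png_linkage
if [ "$#" -gt 0 ]; then
    audit_png "$@"
fi
```

A result of `none` does not by itself prove a bundled copy; it marks the binaries whose build options need to be checked.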