Added by Markus Klemm over 8 years ago
Hi there,
since Wt uses libpng via at least libharu, and libpng got a major vulnerability (CVE-2015-8126), fixed 5 days ago, that potentially enables remote code execution, I'm asking myself:
Is Wt vulnerable? Shouldn't the libpng, included in the binary releases, be updated?
See http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8126
I don't want so spread panic, but I'm a little nervous, and some comforting would be very nice.
Regards
Hey Markus,
Possibly, I'm not fully aware how libharu uses libpng. I'll update the png library for the next binary Wt build (windows).
Wim.