Hi, @pengjianbo , @7449 , I'd like to report a vulnerability issue in cn.finalteam.rxgalleryfinal:library:0.0.3.
Issue Description
cn.finalteam.rxgalleryfinal:library:0.0.3 directly or transitively depends on 5 C libraries (.so) across many platforms (such as x86-64, x86, arm64, armhf). However, I noticed that one C library is vulnerable, containing the following CVEs:
libucrop.so
from C project libpng (version: 1.6.22) exposed 2 vulnerabilities: CVE-2017-12652, CVE-2016-10087
Suggested Vulnerability Patch Versions
libpng has fixed the vulnerabilities in versions >=1.6.37
Java build tools cannot report vulnerable C libraries, which may cause potential security issues for many downstream Java projects. Could you please upgrade the above shared libraries to their patch versions?
Thanks for your help~ Best regards, Helen Parr
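An added example, not part of the original report or the project's code: one way a downstream project could check an AAR/APK for bundled libpng builds older than the 1.6.37 fix named above. It relies on libpng embedding its header version string (for example "libpng version 1.6.22 - May 26, 2016") in the compiled binary; the sample archive and the entry names other than libucrop.so are constructed for illustration.

```python
import io
import re
import zipfile

# libpng compiles its header version string into the binary,
# e.g. " libpng version 1.6.22 - May 26, 2016".
LIBPNG_RE = re.compile(rb"libpng version (\d+)\.(\d+)\.(\d+)")
FIXED = (1, 6, 37)  # first fixed release according to the report


def scan_archive(data: bytes):
    """Return [(entry, version, vulnerable)] for each .so that embeds libpng."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for name in zf.namelist():
            if not name.endswith(".so"):
                continue
            blob = zf.read(name)
            versions = {tuple(int(x) for x in m.groups())
                        for m in LIBPNG_RE.finditer(blob)}
            for ver in sorted(versions):
                findings.append((name, ver, ver < FIXED))
    return findings


def build_sample_aar() -> bytes:
    """Constructed sample archive: fake .so payloads carrying version strings."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("jni/arm64-v8a/libucrop.so",
                    b"\x7fELF" + b"\0" * 16 +
                    b" libpng version 1.6.22 - May 26, 2016\n\0")
        zf.writestr("jni/x86/libpatched.so",  # hypothetical name
                    b"\x7fELF" + b"\0" * 16 +
                    b" libpng version 1.6.37 - April 14, 2019\n\0")
        zf.writestr("jni/x86/libother.so", b"\x7fELF" + b"\0" * 32)
        zf.writestr("classes.jar", b"not a shared object")
    return buf.getvalue()


if __name__ == "__main__":
    for name, ver, vulnerable in scan_archive(build_sample_aar()):
        status = "VULNERABLE (< 1.6.37)" if vulnerable else "ok"
        print(f"{name}: libpng {'.'.join(map(str, ver))} -> {status}")
```

A library built with its version string removed produces no match, so an empty result does not prove the archive is free of libpng.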