facebookincubator / spectrum

A client-side image transcoding library.
https://libspectrum.io
MIT License

Known vulnerability in shared library which spectrum depends on. Can you help upgrade to patch versions? #1842

Open HelenParr opened 2 years ago

HelenParr commented 2 years ago

Hi @lambdapioneer, @cuva, I'd like to report a vulnerability issue in com.facebook.spectrum:spectrum-png:1.3.0.

Issue Description

com.facebook.spectrum:spectrum-png:1.3.0 directly depends on 4 C libraries (.so) across many platforms (such as x86-64, x86, arm64, armhf). However, I noticed that the shared library is vulnerable, containing the following CVEs:

libspectrumpluginpng.so from C project libpng (version: 1.6.35) exposes 1 vulnerability: CVE-2018-14550

Suggested Vulnerability Patch Versions

libpng has fixed the vulnerabilities in versions >=1.6.37

Java build tools cannot report vulnerable C libraries, which may introduce potential security issues into many downstream Java projects. Could you please upgrade the above shared libraries to their patch versions?

Thanks for your help~

Best regards,
Helen Parr
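The gap the report describes (Java build tooling sees the Maven coordinates but not the C code compiled into the bundled `.so` files) can be closed with a small scanner run over the artifact itself. The following is an added example, not code from the spectrum project or from the reporter: it opens an AAR/JAR as a zip, walks the native libraries under it, and reads the `libpng version X.Y.Z` marker that libpng compiles into its copyright/header string, flagging anything below the 1.6.37 fix version named in the report. The archive it scans is constructed in-memory; the ELF stub bytes, entry names and embedded strings are sample data, not the real spectrum-png 1.3.0 artifact.

```python
import io
import re
import zipfile

# libpng embeds its version in the copyright/header strings compiled into the
# binary, e.g. "libpng version 1.6.35 - July 15, 2018". The regex keys on that.
LIBPNG_VERSION_RE = re.compile(rb"libpng version (\d+)\.(\d+)\.(\d+)")

# First libpng release carrying the fix for CVE-2018-14550, as stated in the report.
LIBPNG_FIXED_VERSION = (1, 6, 37)


def find_libpng_versions(blob: bytes) -> list:
    """Return every distinct libpng version tuple found in a binary blob."""
    seen = []
    for m in LIBPNG_VERSION_RE.finditer(blob):
        ver = tuple(int(x) for x in m.groups())
        if ver not in seen:
            seen.append(ver)
    return seen


def is_vulnerable(version: tuple, fixed: tuple = LIBPNG_FIXED_VERSION) -> bool:
    """Tuple comparison handles 1.6.9 < 1.6.37 correctly (string compare would not)."""
    return version < fixed


def scan_archive(data: bytes) -> list:
    """Scan every .so inside an AAR/JAR (both are zip files) for bundled libpng."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if not info.filename.endswith(".so"):
                continue
            for ver in find_libpng_versions(zf.read(info)):
                findings.append({
                    "entry": info.filename,
                    "libpng": ".".join(map(str, ver)),
                    "vulnerable": is_vulnerable(ver),
                })
    return findings


def build_sample_aar() -> bytes:
    """Constructed sample archive (placeholder content, not the real artifact)."""
    elf_stub = b"\x7fELF" + b"\x00" * 64  # fake ELF header padding, constructed
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("classes.jar", b"PK\x05\x06" + b"\x00" * 18)  # empty jar placeholder
        # One ABI still built against the vulnerable libpng ...
        zf.writestr("jni/arm64-v8a/libspectrumpluginpng.so",
                    elf_stub + b"libpng version 1.6.35 - July 15, 2018\n" + b"\x00" * 16)
        # ... and one rebuilt against the patched release, to show both outcomes.
        zf.writestr("jni/x86_64/libspectrumpluginpng.so",
                    elf_stub + b"libpng version 1.6.37 - April 14, 2019\n" + b"\x00" * 16)
        # A native library with no libpng inside produces no finding.
        zf.writestr("jni/arm64-v8a/libspectrum.so", elf_stub)
    return buf.getvalue()


if __name__ == "__main__":
    # Real use: scan_archive(open("spectrum-png-1.3.0.aar", "rb").read())
    for f in scan_archive(build_sample_aar()):
        status = "VULNERABLE" if f["vulnerable"] else "ok"
        print(f"{f['entry']}: libpng {f['libpng']} [{status}]")
```

The check is deliberately string-based rather than tied to a dependency manifest, because a shaded or statically linked libpng leaves no Maven coordinate to inspect; the version string is the only evidence that survives into the shipped binary. A build that runs this over its resolved artifacts turns the report's "cannot report vulnerable C libraries" into a failing check with a concrete entry name and version.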