Dependencies and security

I was looking over my project, getting ready to build an install package, when I noticed that it requires some rather outdated libraries. In particular, SDL_Image.dll links to libpng12-0.dll. I’m not sure what version of libpng that is, but I do know that the last modified date on the file on my HD says February '09, and libpng has released at least three security vulnerability patches since then.

How much work would it take to do a quick security/up-to-dateness audit of the dependencies of the core SDL libraries and make sure they’re linking against the most modern versions?

The latest SDL_image release is built with the latest version of
libpng, built October 17 2009. If you’re using an older version you
should upgrade ASAP for the security fixes.

On Wed, Nov 18, 2009 at 9:25 PM, Mason Wheeler wrote:

I was looking over my project, getting ready to build an install package,
when I noticed that it requires some rather outdated libraries. In
particular, SDL_Image.dll links to libpng12-0.dll. I’m not sure what
version of libpng that is, but I do know that the last modified date on the
file on my HD says February '09, and libpng has released at least three
security vulnerability patches since then.

How much work would it take to do a quick security/up-to-dateness audit of
the dependencies of the core SDL libraries and make sure they’re linking
against the most modern versions?




-Sam Lantinga, Founder and President, Galaxy Gameworks LLC