I think part of the point I raised didn't get understood/seen by the people answering on this topic.
I'll rephrase my wondering differently.

Syslinux is a modern bootloader and uses some libs (a zlib, a png one, a jpeg one, maybe others ...).

The patch I was talking about is about changing the png lib, with security as the main argument: a possible scenario with a png attack.

My point is that if we care about the security of the bootloaders regarding this kind of scenario, our work is very partial.
If we want to stay consistent, we have to remove the jpeg lib too, and the compression libs also.

And this is true of all the other bootloaders. Has someone already thought about managing the security of the builtin libs inside gfxboot?
Do we care about the gunzip code of grub?

Being that intrusive regarding the static inclusion of these libs inside the bootloaders is work to report upstream, not for the distro side.
Only focusing on whether or not to change the libpng of syslinux isn't enough.

Honestly, for me this really sounds like cutting hairs in 4 with a hammer.