Could you help upgrade the vulnerble shared library introduced by package emcore?

[andy201709]

Hi, @delarosatrevin , @joton , I'd like to report a vulnerability issue in emcore_0.0.5.

Dependency Graph between Python and Shared Libraries

Issue Description

As shown in the above dependency graph, emcore_0.0.5 directly or transitively depends on 4 C libraries (.so). However, I noticed that one C libraries are vulnerable, containing the following CVEs:
libpng12-640ca796.so.0.49.0 from C project libpng(version:1.2.54) exposed 10 vulnerabilities:
CVE-2011-3045, CVE-2014-9495, CVE-2013-7354, CVE-2013-7353,CVE-2017-12652, CVE-2015-8472, CVE-2016-10087, CVE-2016-3751, CVE-2015-0973, CVE-2015-8540

Suggested Vulnerability Patch Versions

libpng has fixed the vulnerabilities in versions >=1.6.32

Python build tools cannot report vulnerable C libraries, which may induce potential security issues to many downstream Python projects.Could you please upgrade the above shared libraries to their patch versions?

Thanks for your help~
Best regards,
Andy

[azazellochg]

https://github.com/andy201709 this is clearly a scripted bot. But I doubt emcore is developed anymore