Several vulnerabilities in the shared libraries which omim-pytraffic depends on. Could you help upgrade to patch versions?

[andy201709]

Hi, @biodranik , @vng , I'd like to report a vulnerability issue in omim-pytraffic_10.3.0rc2.

Dependency Graph between Python and Shared Libraries

Issue Description

As shown in the above dependency graph, omim-pytraffic_10.3.0rc2 directly or transitively depends on 11 C libraries (.so). However, I noticed that some C libraries are vulnerable, containing the following CVEs:
libk5crypto-ab4ddf4c.so.3.1 from C project krb5(version:1.13.2) exposed 4 vulnerabilities:
CVE-2021-37750, CVE-2021-36222, CVE-2015-8629, CVE-2015-8630
libpng12-640ca796.so.0.49.0 from C project libpng(version:<=1.2.54) exposed 10 vulnerabilities:
CVE-2011-3045, CVE-2014-9495, CVE-2013-7354, CVE-2013-7353, CVE-2017-12652, CVE-2015-8472, CVE-2016-10087, CVE-2016-3751, CVE-2015-0973, CVE-2015-8540

Suggested Vulnerability Patch Versions

krb5 has fixed the vulnerabilities in versions >=1.19.3
libpng has fixed the vulnerabilities in versions >=1.6.32

Python build tools cannot report vulnerable C libraries, which may induce potential security issues to many downstream Python projects.
As a popular python package (omim-pytraffic has 1,069 downloads per month), could you please upgrade the above shared libraries to their patch versions?

Thanks for your help~
Best regards,
Andy

[vng]

Hm, we don't build/release/maintain this package. It was made by maps.me team several years ago ..
We are focused on mobile app.