The USN-3712-1 and USN-3712-2 libpng vulnerabilities are fixed automatically and installed on SecureDrop production instances. I received the following OSSEC alert.
OSSEC HIDS Notification.
2018 Jul 12 04:34:26
Received From: (app) A.B.C.D->/var/log/dpkg.log
Rule: 2902 fired (level 7) -> "New dpkg (Debian Package) installed."
Portion of the log(s):
2018-07-12 04:34:25 status installed libpng12-0:amd64 1.2.50-1ubuntu2.14.04.3
--END OF NOTIFICATION