[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: About the security issues affecting dcraw/ufraw/libraw/rawtherapee/rawstudio/exactimage/freeimage in Squeeze

Hi David,

(mostly using darkstar as an example. I don't event know that package - but I 
noticed that I decided not to care much about my squeeze-backports anymore (eg 
not to backport piuparts) while realizing I'd still do security fixes.)

On Mittwoch, 3. Juni 2015, David Bremner wrote:
> Sven Eckelmann <sven@narfation.org> writes:
> > [...] dcraw, darktable,
> > freeimage, rawstudio and xbmc most likely still need a patch. 
> Darktable is not in squeeze.  There is a version in squeeze backports,
> but I don't plan any further support for that. Of course, someone else
> is welcome to...

I'm not sure this is what the backports project is expecting, cc:ing them to 
get their input.

A possible solution would be to remove the backport if it's not supported 
security wise anymore, or, express this via the debian-security-support 
package (which doesn't support backports yet) or to cease oldoldstable-
backports alltogether, which I think would be unfortunate.

And finally, if the issue is not worth fixing, this can also be documented in 
the security tracker...


Attachment: signature.asc
Description: This is a digitally signed message part.

Reply to: