Hi Chris, Le vendredi, 6 janvier 2017, 06.28:58 h CET Chris Lamb a écrit : > the Debian LTS team would like to fix the security issues which are > currently open in the Wheezy version of jbig2dec: > https://security-tracker.debian.org/tracker/source-package/jbig2dec > > Would you like to take care of this yourself? If you are referring to [CVE-2016-9601], it seems quite premature to fix this in Wheezy, as according to [GS:697457], there is currently no upstream fix available (so all our releases are apparently affected). I am not going to write a fix for that myself, at least, but feel free to coordinate this with upstream! -- Cheers, OdyX [CVE-2016-9601] https://security-tracker.debian.org/tracker/CVE-2016-9601 [GS:697457] https://bugs.ghostscript.com/show_bug.cgi?id=697457
Description: This is a digitally signed message part.