exiv2 [was: January Report]
Brian May <bam@debian.org> writes:
> Next month I plan to continue to exiv2 (unless somebody else wants to take over
> at this point). It might also be worth spending time and assisting the security
> team fix exiv2 (and maybe tiff too) in the other distributions.
Since I looked at this last month, I have noticed that exiv2 has been
marked as no-DSA in Jessie and Stretch.
I have a fixed version - based on a patch that was approved and merged
upstream, which I am in the process of testing, however wondered if it
is still worth uploading?
The patch from upstream master applies to Wheezy without minimal changes
- in particular I had to remove the tests (there doesn't appear to be
any tests in wheezy) and make a small change in the name of the file
patched.
It seems a bit strange fixing a problem in wheezy, but not Jessie or
Stretch.
--
Brian May <bam@debian.org>
Reply to: