exiv2 [was: January Report]

To: debian-lts@lists.debian.org
Subject: exiv2 [was: January Report]
From: Brian May <bam@debian.org>
Date: Mon, 05 Feb 2018 17:44:31 +1100
Message-id: <[🔎] 87inbcvsts.fsf@prune.linuxpenguins.xyz>
In-reply-to: <877erzopwu.fsf@prune.linuxpenguins.xyz>
References: <877erzopwu.fsf@prune.linuxpenguins.xyz>

Brian May <bam@debian.org> writes:

> Next month I plan to continue to exiv2 (unless somebody else wants to take over
> at this point). It might also be worth spending time and assisting the security
> team fix exiv2 (and maybe tiff too) in the other distributions.

Since I looked at this last month, I have noticed that exiv2 has been
marked as no-DSA in Jessie and Stretch.

I have a fixed version - based on a patch that was approved and merged
upstream, which I am in the process of testing, however wondered if it
is still worth uploading?

The patch from upstream master applies to Wheezy without minimal changes
- in particular I had to remove the tests (there doesn't appear to be
any tests in wheezy) and make a small change in the name of the file
patched.

It seems a bit strange fixing a problem in wheezy, but not Jessie or
Stretch.
-- 
Brian May <bam@debian.org>

Reply to:

Follow-Ups:
- Re: exiv2 [was: January Report]
  - From: Brian May <bam@debian.org>

Prev by Date: Re: Wheezy update of simplesamlphp?
Next by Date: Re: exiv2 [was: January Report]
Previous by thread: Re: Wheezy update of dokuwiki?
Next by thread: Re: exiv2 [was: January Report]
Index(es):
- Date
- Thread