[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

exiv2 [was: January Report]

Brian May <bam@debian.org> writes:

> Next month I plan to continue to exiv2 (unless somebody else wants to take over
> at this point). It might also be worth spending time and assisting the security
> team fix exiv2 (and maybe tiff too) in the other distributions.

Since I looked at this last month, I have noticed that exiv2 has been
marked as no-DSA in Jessie and Stretch.

I have a fixed version - based on a patch that was approved and merged
upstream, which I am in the process of testing, however wondered if it
is still worth uploading?

The patch from upstream master applies to Wheezy without minimal changes
- in particular I had to remove the tests (there doesn't appear to be
any tests in wheezy) and make a small change in the name of the file

It seems a bit strange fixing a problem in wheezy, but not Jessie or
Brian May <bam@debian.org>

Reply to: