El 26/02/18 a las 10:55, Jeff Breidenbach escribió: > >Was upstream's position also to remove those binaries? > > Yes. > > >Upstream was unable to provide a patch? > > Yes. Upstream decided that it was not worth the time to make a patch. > > Leptonica is a large image processing library. It also contains source code > for many (over 200) example programs that use the library. From these example > programs, a small number (about 10) are built and ship as part of the > leptonica-progs > binary package. > > Bug #830660 noticed that some of these programs were insecure. The affected > programs were not very important, and my best guess is nobody uses them. So > after discussion with upstream, I removed them from the Debian package. > Because > the programs are probably not used, I don't have a strong opinion about what > happens with Wheezy. > > Does this help? Yes, thank you. Since the affected programs are note very important, I'd say now the issue is not serious enough to modify the jessie and wheezy packages. Other opinions?
Attachment:
signature.asc
Description: PGP signature