
Re: How to handle freeimage package



On Mon, Apr 08, 2024 at 01:59:55PM +0200, Sylvain Beucler wrote:
> Hi,
> 
> I think this requires a bit of coordination:
> - the package is basically dead upstream, there hasn't been a fix in the
> official repos, neither Debian nor other distros attempted to fix them

Some of the past fixes got addressed by upstream. But the recent people
who run fuzzers never reported them upstream to the rather byzantine
Sourceforge bug tracker and only posted them to some unrelated tree on
GitHub to get a CVE assigned.

So a useful next step would be to break those reports down into separate
bug reports and file them there so that upstream actually learns about
them.

Cheers,
        Moritz

