Re: freeimage and CVE-2019-12214
Hi Cyrille
On Fri, 12 Apr 2024 at 16:32, Cyrille Bollu <cyrille@bollu.be> wrote:
>
> Hi Ola,
>
> Thank you for your help.
>
> So, IIUC:
>
> 1. CVE-2019-12214 shouldn't be assigned to freeimage in Debian Buster;
> 2. CVE-2019-12214 might be assigned to source package openjpeg2 or
> openjpeg (the latter doesn't seem to be available in Buster though)
Yes, potentially so. At least if I understand the email from Santiago correctly.
freeimage build depends on libopenjp2-7-dev which is built from
openjpeg2 so in buster it is openjpeg2 where it should belong.
But I do not know whether we typically re-assign things like this or
not so I do not want to give advice for this. Better if someone else
who knows the practice answers this.
// Ola
--
--- Inguza Technology AB --- MSc in Information Technology ----
| ola@inguza.com opal@debian.org |
| http://inguza.com/ Mobile: +46 (0)70-332 1551 |
---------------------------------------------------------------