[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: freeimage and CVE-2019-12214

Hi Cyrille

On Fri, 12 Apr 2024 at 16:32, Cyrille Bollu <cyrille@bollu.be> wrote:
>
> Hi Ola,
>
> Thank you for your help.
>
> So, IIUC:
>
> 1. CVE-2019-12214 shouldn't be assigned to freeimage in Debian Buster;
> 2. CVE-2019-12214 might be assigned to source package openjpeg2 or
> openjpeg (the later doesn't seem to be available in Buster though)

Yes, potentially so. At least if I understand the email from Santiago correctly.

freeimage build depends on libopenjp2-7-dev which is built from
openjpeg2 so in buster it is openjpeg2 where it should belong.

But I do not know whether we typically re-assign things like this or
not so I do not want to give advice for this. Better if someone else
who knows the practice answers this.

// Ola

-- 
 --- Inguza Technology AB --- MSc in Information Technology ----
|  ola@inguza.com                    opal@debian.org            |
|  http://inguza.com/                Mobile: +46 (0)70-332 1551 |
 ---------------------------------------------------------------
Reply to: