[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#1089596: openjpeg2: Please package upstream version 2.5.2



Source: openjpeg2
Severity: important
User: debian-lts@lists.debian.org
Usertags: upstream-trixie
X-Debbugs-Cc: debian-lts@lists.debian.org

Dear openjpeg2 maintainer(s),

Testing (trixie) currently ships openjpeg2 2.5.0.  Upstream released
2.5.2 on Februray 28th 2024, and they are considering doing a 2.5.3
release soon:
https://groups.google.com/g/openjpeg/c/FKRHVlvWVDU/m/6A-SROGUAwAJ.

While I am not aware of any release schedule and EOL policy for
openjpeg2, I would say that the more recent release can be included in
trixie, the better. And the easier would be to provide security updates
to the users during the trixie life cycle. It is worth noting that
upstream has already fixed these two (minor) security issues:
https://security-tracker.debian.org/tracker/CVE-2019-6988
https://security-tracker.debian.org/tracker/CVE-2021-3575.

If you need or want help packaging this more recent upstream version,
please don't hesitate to speak up.  Someone from the LTS team, may be
interested in contributing (CC'ing debian-lts).

Best regards,

 -- Santiago, for the LTS Team.

Attachment: signature.asc
Description: PGP signature


Reply to: