Bug#987926: RM: gimp-dcraw, upstream gone, possible security flaws

To: submit@bugs.debian.org
Subject: Bug#987926: RM: gimp-dcraw, upstream gone, possible security flaws
From: Haowen Liu <liu.haowen.andy@gmail.com>
Date: Sat, 1 May 2021 23:49:49 -0700
Message-id: <[🔎] 4d8424ce-f12f-9115-4834-b5ed0912f29f@gmail.com>
Reply-to: Haowen Liu <liu.haowen.andy@gmail.com>, 987926@bugs.debian.org

Package: gimp-dcraw
Version: 1.32-1
Severity: serious

The gimp-dcraw plugin has not been updated for 13 years, with theupstream completely gone. This would mean possible unaddressed securityflaws.

Compare this to gimp-ufraw, which is a more fully featured version ofgimp-dcraw. gimp-ufraw is removed in 2019 due to "upstream gone,possible security issues" [1]. If gimp-ufraw should be consideredinsecure (last updated 2015), gimp-dcraw should as well (last updated 2008).

Further, as Chris mentioned in bug #987443 [2], its functionality issuperseded by gimp native functionalities is no longer useful.


[1] https://tracker.debian.org/news/1046384/removed-022-4-from-unstable/
[2] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987443

Reply to:

Prev by Date: fsvs is marked for autoremoval from testing
Next by Date: Bug#987842: marked as done (ifenslave: non-trivial bonding configuration fails)
Previous by thread: fsvs is marked for autoremoval from testing
Next by thread: Bug#987842: marked as done (ifenslave: non-trivial bonding configuration fails)
Index(es):
- Date
- Thread