There are several open security bugs in our package of OpenJPEG 2.3.0:

http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=openjpeg

`guix refresh -l openjpeg` reports that several thousand packages would
need to be rebuilt if we changed OpenJPEG, so we will need to fix these
bugs by cherry-picking the upstream bugfix patches in a grafted
replacement package.

If anyone is interested in doing the work and needs advice, please ask
for help :)

These are the CVE identifiers:

CVE-2017-17479
CVE-2018-5727
CVE-2018-5785
CVE-2018-6616
CVE-2018-7648
CVE-2018-14423
CVE-2018-16375
CVE-2018-16376
CVE-2018-17480
CVE-2018-18088
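
The grafted replacement described above could be shaped like the sketch below. It is an added example, not part of the original message and not the change that was eventually committed. The variable name `openjpeg/fixed` and the patch file name are placeholders, and which upstream commits to cherry-pick for each CVE is not stated in the message.

```scheme
;; Added example (assumption): a sketch for the file that defines openjpeg.
;;
;; Step 1: in the existing openjpeg package definition, add one field so
;; that dependents are grafted onto the fixed build instead of rebuilt:
;;
;;   (replacement openjpeg/fixed)
;;
;; Step 2: define the replacement.  It inherits everything from openjpeg,
;; so name and version stay unchanged, and only the source gains patches.
(define openjpeg/fixed
  (package
    (inherit openjpeg)
    (source
     (origin
       (inherit (package-source openjpeg))
       (patches
        ;; Keep any patches the original already applies, then append the
        ;; cherry-picked upstream fixes.  The file name is a placeholder;
        ;; use one patch file per fix under gnu/packages/patches/ and
        ;; register each of them in gnu/local.mk.
        (append (origin-patches (package-source openjpeg))
                (search-patches "openjpeg-CVE-XXXX-XXXXX.patch")))))))
```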
