Leo Famulari <l...@famulari.name> writes:

> There are several open security bugs in our package of OpenJPEG 2.3.0:
>
> http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=openjpeg
>
> `guix refresh -l openjpeg` reports that several thousand packages would
> need to be rebuilt if we changed OpenJPEG, so we will need to fix these
> bugs by cherry-picking the upstream bugfix patches in a grafted
> replacement package.
>
> If anyone is interested in doing the work and needs advice, please ask
> for help :)
>
> These are the CVE identifiers:
>
> CVE-2017-17479
> CVE-2018-5727
> CVE-2018-5785
> CVE-2018-6616
> CVE-2018-7648
> CVE-2018-14423
> CVE-2018-16375
> CVE-2018-16376
> CVE-2018-17480
> CVE-2018-18088

I believe commit 0e2b0b05accdea7c3f016f8483d0ec04021114d3 fixed these.
