Hi Carsten, On Tue, Jul 5, 2016 at 1:13 PM, Carsten Leonhardt <l...@debian.org> wrote: > maybe it would be possible to use 1.3.24 for a stable update? I think > the current situation with the unpatched graphicsmagick in stable is > quite unacceptable. I agree, graphicsmagick needs to be updated as soon as possible. I've identified all fixes that need backporting for Jessie, but those over one hundred. I had a quick mail with upstream that one fix caused regression, but as I know, it's fixed since then.
I don't think 1.3.24 would be an easy target for Jessie. Maybe apply the first set of patches, release it as a DSA, then add the others, a new DSA... But it's also not the best idea. I include the Security Team to this discussion, what they say about this. Regards, Laszlo/GCS
