On Thursday, 26 January 2017 21:05:46 EST Ola Lundqvist wrote: > > I started to work on fixing jbig2dec/wheezy for > > https://security-tracker.debian.org/tracker/CVE-2016-9601 but > > the patch that allegedly fixes the current issue is rather invasive > > and while looking at the git history you will quickly see > > that allmost all the changes since the version that we have in wheezy and > > jessie are potential security issues that were never assigned any CVE: > > http://git.ghostscript.com/?p=jbig2dec.git;a=shortlog
Hi Ola and Raphael, First, sorry for delay in the answer. About the jbig2dec, how can be sure that we are not breaking user programs linked to the lib? /l
