Dear maintainers, The Debian LTS team would like to fix the security issues which are currently open in the Wheezy version of opencv: https://security-tracker.debian.org/tracker/CVE-2016-1516 https://security-tracker.debian.org/tracker/CVE-2017-12597 https://security-tracker.debian.org/tracker/CVE-2017-12598 https://security-tracker.debian.org/tracker/CVE-2017-12599 https://security-tracker.debian.org/tracker/CVE-2017-12601 https://security-tracker.debian.org/tracker/CVE-2017-12603 https://security-tracker.debian.org/tracker/CVE-2017-12604 https://security-tracker.debian.org/tracker/CVE-2017-12605 https://security-tracker.debian.org/tracker/CVE-2017-12606 https://security-tracker.debian.org/tracker/CVE-2017-12682 https://security-tracker.debian.org/tracker/CVE-2017-12863 https://security-tracker.debian.org/tracker/CVE-2017-12864
CVE-2017-12597 seems to cover also 12598 to 12606, but you are free to check that to be sure. Would you like to take care of this yourself? If yes, please follow the workflow we have defined here: https://wiki.debian.org/LTS/Development In addition there are a few vulnerabilities that are classified as minor but you are welcometo fix them as well. If that workflow is a burden to you, feel free to just prepare an updated source package and send it to debian-lts@lists.debian.org (via a debdiff, or with an URL pointing to the source package, or even with a pointer to your packaging repository), and the members of the LTS team will take care of the rest. Indicate clearly whether you have tested the updated package or not. If you don't want to take care of this update, it's not a problem, we will do our best with your package. Just let us know whether you would like to review and/or test the updated package before it gets released. You can also opt-out from receiving future similar emails in your answer and then the LTS Team will take care of opencv updates for the LTS releases. Thank you very much. Ola Lundqvist, on behalf of the Debian LTS team. PS: A member of the LTS team might start working on this update at any point in time. You can verify whether someone is registered on this update in this file: https://anonscm.debian.org/viewvc/secure-testing/data/dla-needed.txt?view=markup
