Brian May <b...@debian.org> writes: > Next month I plan to continue to exiv2 (unless somebody else wants to take > over > at this point). It might also be worth spending time and assisting the > security > team fix exiv2 (and maybe tiff too) in the other distributions.
Since I looked at this last month, I have noticed that exiv2 has been marked as no-DSA in Jessie and Stretch. I have a fixed version - based on a patch that was approved and merged upstream, which I am in the process of testing, however wondered if it is still worth uploading? The patch from upstream master applies to Wheezy without minimal changes - in particular I had to remove the tests (there doesn't appear to be any tests in wheezy) and make a small change in the name of the file patched. It seems a bit strange fixing a problem in wheezy, but not Jessie or Stretch. -- Brian May <b...@debian.org>
