Hi Cyrille

On Fri, 12 Apr 2024 at 16:32, Cyrille Bollu <cyri...@bollu.be> wrote:
>
> Hi Ola,
>
> Thank you for your help.
>
> So, IIUC:
>
> 1. CVE-2019-12214 shouldn't be assigned to freeimage in Debian Buster;
> 2. CVE-2019-12214 might be assigned to source package openjpeg2 or
> openjpeg (the latter doesn't seem to be available in Buster though)

Yes, potentially so. At least if I understand the email from Santiago correctly.

freeimage build depends on libopenjp2-7-dev which is built from openjpeg2 so in buster it is openjpeg2 where it should belong.

But I do not know whether we typically re-assign things like this or not so I do not want to give advice for this. Better if someone else who knows the practice answers this.

// Ola

--
 --- Inguza Technology AB --- MSc in Information Technology ----
|  o...@inguza.com                    o...@debian.org            |
|  http://inguza.com/                Mobile: +46 (0)70-332 1551 |
 ---------------------------------------------------------------