Hi Santiago On Mon, 15 Apr 2024 at 21:10, Santiago Ruano Rincón <santiag...@riseup.net> wrote: > > Hi Ola, > > As being discussed with Salvatore, there is not enough evidence to > conclude there is not any issue present on the freeimage side.
Do I understand correctly that the evidence that Cyrille provided is not enough? > We need > to be on the safe side, like *always*, and with marking freeimage as > <not-affected> we would stop tracking the issue. > To stay on the safe side, we need to keep tracking the issue. If we do not trust that analysis from Cyrille, I agree with you. > Hugo mentioned this refactoring commit that *could* have fixed the issue: > https://github.com/uclouvain/openjpeg/commit/c887df12a38ff1a2721d0c8a93b74fe1d02701a2 > Ref: > https://sourceforge.net/p/freeimage/discussion/36111/thread/e06734bed5/#b887/4639 > But without any reproducer, it is hard to conclude the issue was fixed. Yes without a reproducer we cannot tell with absolute certainty, unless we create a new reproducer. > One possibility would be to mark it as <ignored>, but not as > <not-affected>. That is a possibility, yes. Is this what you propose then? > <postponed> wouldn't make sense since the reported > hasn't shared any more information in five years. That was new to me. I thought we did not <ignore> issues purely because we have not more info. But I agree with you that ignoring really old things for which we have no more info makes sense. I was not aware that it was an ok thing to do. > So please, don't close #947478 either. I won't. :-) // Ola -- --- Inguza Technology AB --- MSc in Information Technology ---- | o...@inguza.com o...@debian.org | | http://inguza.com/ Mobile: +46 (0)70-332 1551 | ---------------------------------------------------------------
