On Sun, Mar 31, 2019 at 08:09:27PM +0100, Adam D. Barratt wrote: > On Thu, 2018-11-01 at 21:07 -0400, Roberto C.Sánchez wrote: > > On Thu, Nov 01, 2018 at 06:50:53PM +0000, Adam D. Barratt wrote: > > > Control: tags -1 + moreinfo > > > > > > On Wed, 2018-10-31 at 23:25 -0400, Roberto C. Sanchez wrote: > > > > I have prepared an update for exiv2 in jessie (0.24-4.1+deb8u2) > > > > related to CVE-2018-16336 and also including a minor fix to the > > > > previous patch for CVE-2018-10958 and CVE-2018-10999. > > > > > > The Security Tracker indicates that CVE-2018-16336 is as-yet > > > unfixed in > > > unstable; is that correct? > > > > > > > Hi Adam, > > > > That is correct. I completely overlooked it. I will check with the > > maintainers about their plans for unstable. > > Was there any progress there? The issue is still marked as affecting > unstable in the tracker. > No real progress. I sent a message [0] to the packaging team's mailing list that same day (1st November). Salvatore responded a few days later, but there was no response after that.
Regards, -Roberto [0] https://alioth-lists.debian.net/pipermail/pkg-kde-extras/2018-November/029728.html -- Roberto C. Sánchez
