https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=288306
Charlie Li <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|Open |Closed Resolution|--- |Please Upstream --- Comment #17 from Charlie Li <[email protected]> --- (In reply to George Mitchell from comment #14) This bug was already assigned to the maintainer so adding CC did nothing. Both arrowd@ and myself (amongst others) are desktop@ (maintainer) members. (In reply to bagas from comment #13) And the upstream umbrella says "downstream vendors fend for themselves," including Debian, when it comes to pulling in non-qualified patches. Regardless, until the new upstream maintainer has a chance to get themselves more up to speed and such, you should regard this library as insecure regardless of any CVEs or lack thereof. -- You are receiving this mail because: You are the assignee for the bug. You are on the CC list for the bug.
