Bug#989775: OpenJPEG 2.5.2 fixes CVE-2021-3575

/NEWS.md -- Andrew C. Aitchison Kendal, UK and...@aitchison.me.uk

Bug#989775: CVE-2021-3575

OpenJPEG 2.5.1 has been released https://groups.google.com/g/openjpeg/c/othStX49Yc8 and includes a fix https://github.com/uclouvain/openjpeg/pull/1509 for CVE-2021-3575. -- Andrew C. Aitchison Kendal, UK and...@aitchison.me.uk

Bug#1051921: CVE-2023-1393 and TigerVNC

predates the CVE. I guess this relates to the binary package tigervnc-standalone-server but the fix might be needed in one or more of the other tigervnc binary packages. Upstream discussion at https://groups.google.com/g/tigervnc-users/c/5dq5O2OAoQI -- Andrew C. Aitchison Kendal

Bug#1006179: [Pkg-clamav-devel] Bug#1006179: Bug#1006179: Bug#1006179: Bug#1006179: Bug#1006179: ClamAV 1.0.0 release candidate now available

t I'd stick with the standard Debian way. -- Andrew C. Aitchison Kendal, UK and...@aitchison.me.uk

Bug#1006179: [Pkg-clamav-devel] ClamAV 1.0.0 release candidate now available

). If you think tha'ts reasonable, I'll manually make the tarball and update git (including the pristine-tar branch so we can work with the same tarball)? How will that affect the non-free unrar package that Ubuntu ships ? -- Andrew C. Aitchison Kendal, UK and...@aitchison.me.uk

Bug#1006179: [Pkg-clamav-devel] Bug#1006179: Bug#1006179: Bug#1006179: Bug#1006179: ClamAV 1.0.0 release candidate now available

that 13 is not a hard limit, just that it is the latest tested version ... -- Andrew C. Aitchison Kendal, UK and...@aitchison.me.uk

Bug#1006179: ClamAV 1.0.0 release candidate now available

the Debian (and Ubuntu) release schedule you may wish to skip 0.104 (which is EOL) and 0.105 and go straight to 1.0 since it is LTS. I note that 0.105 (and presumably 1.0) requires *rust* and 0.104 (onwards?) requires CMake, so all options will need non-trivial effort. -- Andrew C. Aitchison