This is the mail archive of the
cygwin-apps
mailing list for the Cygwin project.
Re: SECURITY: [ GLSA 200706-09 ] libexif: Buffer overflow
On Jul 25 01:42, Yaakov (Cygwin Ports) wrote:
> Corinna Vinschen wrote:
> > Never mind, I just found them. The directory layout is a bit weird
> > now:
> >
> > - exif
> > - libexif
> > - libexif12
> > - libexif-devel
> > - libexif10
>
> Yeah, I know, that's how Gerrit set them up; should I move libexif
> immediately under release?
No worries, it's your call.
> > Why are libexif12 and libexif-devel not in the same directory level
> > as libexif10? Oh, and, do you also take over maintainance of libexif10
> > or is that still an orphaned package?
>
> libexif10 should be moved to _obsolete, and being that it's also
> affected by the buffer overflow, should be dropped like a hot potato.
I moved libexif10 to _obsolete.
Another question: The exif package was Gerrit's package, too, and
it's still on version 0.6.9. Any chance that you could take this one
over as well?
Thanks,
Corinna
--
Corinna Vinschen Please, send mails regarding Cygwin to
Cygwin Project Co-Leader cygwin AT cygwin DOT com
Red Hat