This is the mail archive of the
mailing list for the Cygwin project.
Re: SECURITY: [ GLSA 200706-09 ] libexif: Buffer overflow
On Jul 25 01:42, Yaakov (Cygwin Ports) wrote:
> Corinna Vinschen wrote:
> > Never mind, I just found them. The directory layout is a bit weird
> > now:
> > - exif
> > - libexif
> > - libexif12
> > - libexif-devel
> > - libexif10
> Yeah, I know, that's how Gerrit set them up; should I move libexif
> immediately under release?
No worries, it's your call.
> > Why are libexif12 and libexif-devel not in the same directory level
> > as libexif10? Oh, and, do you also take over maintainance of libexif10
> > or is that still an orphaned package?
> libexif10 should be moved to _obsolete, and being that it's also
> affected by the buffer overflow, should be dropped like a hot potato.
I moved libexif10 to _obsolete.
Another question: The exif package was Gerrit's package, too, and
it's still on version 0.6.9. Any chance that you could take this one
over as well?
Corinna Vinschen Please, send mails regarding Cygwin to
Cygwin Project Co-Leader cygwin AT cygwin DOT com