On Sun, 22 Jan 2023 20:17:52 +0100 Bastian Germann <b...@debian.org> wrote:
Control: fixed -1 2.4.7.1+dfsg-1According to https://github.com/OpenImageIO/oiio/blob/dev-2.4/CHANGES.md, all the open CVEs are fixed with upstream version 2.4.6 or earlier. Please note that the CHANGES.md docuemnt was edited after 2.4.7.1 to contain more CVE IDs.
Can you please mark the CVEs as fixed? Sorry that I have missed to include them in the changelog.