Hi, On Sun, Jan 14, 2024 at 03:54:59PM +0100, László Böszörményi wrote: > Hi Salvatore, > > On Sat, Jan 13, 2024 at 5:51 PM Salvatore Bonaccorso <car...@debian.org> > wrote: > > If you fix the vulnerability please also make sure to include the > > CVE (Common Vulnerabilities & Exposures) id in your changelog entry. > I have fixed some issues, but as I see, not the root causes. Then > with my fixes I found that the reproducers may crash exiftags later by > other issues. > Contacted upstream if he plans to fix these by himself. Waiting for his reply.
Sounds like a good plan if there is (still) some activity from upstream. I do not think the isuses are particularly urgent, so take the time it needs to check with upstream availability. Regards, Salvatore