Hi Salvatore, Salvatore Bonaccorso, on 2026-06-20: > Sorry for the late followup, there was/is some backlog and openslide > was not on topmost on the radar. I still think openslide would be good > candidate for the point releases (which are approaching, rather than a > dedicated security update).
No worries, when I saw the multiple security announcements, I've suspected you might be a bit drowned, so I probably should not have insisted to double check the situation. I'm still intending to coordinate with stable release managers and will likely proceed later today. No hard feelings. ;) In the meantime, I've focused on integrating openslide 4.0.1, currently in experimental as it is going to require a transition. Up to version 4.0.0, openslide is affected by CVE-2026-54604 [1]; see also #1099727. Thankfully, if I trust the advisory on Github [2], Debian stable releases are not affected, because they ship with libtiff 4.7.0 or earlier, which do not trigger the vulnerability openslide. [1]: https://security-tracker.debian.org/tracker/CVE-2026-54604 [2]: https://github.com/openslide/openslide/security/advisories/GHSA-f734-jv98-5677 Have a nice day, :) -- .''`. Étienne Mollier <[email protected]> : :' : pgp: 8f91 b227 c7d6 f2b1 948c 8236 793c f67e 8f0d 11da `. `' sent from /dev/pts/2, please excuse my verbosity `-
signature.asc
Description: PGP signature
