Hi Étienne,

On Sun, Jun 21, 2026 at 10:13:43AM +0200, Étienne Mollier wrote:
> Hi Salvatore,
> 
> Salvatore Bonaccorso, on 2026-06-20:
> > Sorry for the late followup, there was/is some backlog and openslide
> > was not topmost on the radar. I still think openslide would be a good
> > candidate for the point releases (which are approaching, rather than a
> > dedicated security update).
> 
> No worries, when I saw the multiple security announcements, I've
> suspected you might be a bit drowned, so I probably should not
> have insisted to double check the situation.  I'm still
> intending to coordinate with stable release managers and will
> likely proceed later today.  No hard feelings.  ;)

No worries at all, it is manageable, I just still think openslide is a
better candidate to be batched with other updates in the upcoming
point release. It is good if you ask to double check if there are
uncertainties (better safe!).

> In the meantime, I've focused on integrating openslide 4.0.1,
> currently in experimental as it is going to require a
> transition.  Up to version 4.0.0, openslide is affected by
> CVE-2026-54604 [1]; see also #1099727.  Thankfully, if I trust
> the advisory on Github [2], Debian stable releases are not
> affected, because they ship with libtiff 4.7.0 or earlier, which
> do not trigger the vulnerability in openslide.

Ack, we will look into how to update the tracker.

Thanks for all your work!

Regards,
Salvatore
