Hi there,

Salvatore Bonaccorso, on 2026-06-21:
> On Sun, Jun 21, 2026 at 10:13:43AM +0200, Étienne Mollier wrote:
> > No worries, when I saw the multiple security announcements, I've
> > suspected you might be a bit drowned, so I probably should not
> > have insisted to double check the situation.  I'm still
> > intending to coordinate with stable release managers and will
> > likely proceed later today.  No hard feelings.  ;)
> 
> No worries at all, it is manageable, I just still think openslide is
> a better candidate to be batched with other updates in the upcoming
> point release. It is good if you ask to double check if there are
> uncertainties (better safe!).

Sounds good!  I started the coordination work for upload to
proposed-upgrades.  It is tracked in #1140493 and #1140494.

> > In the meantime, I've focused on integrating openslide 4.0.1,
> > currently in experimental as it is going to require a
> > transition.  Up to version 4.0.0, openslide is affected by
> > CVE-2026-54604 [1]; see also #1099727.  Thankfully, if I trust
> > the advisory on GitHub [2], Debian stable releases are not
> > affected, because they ship with libtiff 4.7.0 or earlier, which
> > do not trigger the vulnerability in openslide.
> 
> Ack, we will look into how to update the tracker.

Thanks for the update!

> Thanks for all your work!

You're welcome, I return the compliment for tracking the
security of the system!

Have a nice day,  :)
-- 
  .''`.  Étienne Mollier <[email protected]>
 : :' :  pgp: 8f91 b227 c7d6 f2b1 948c  8236 793c f67e 8f0d 11da
 `. `'   sent from /dev/pts/3, please excuse my verbosity
   `-
