Source: openjpeg2 Severity: important User: [email protected] Usertags: upstream-trixie X-Debbugs-Cc: [email protected]
Dear openjpeg2 maintainer(s), Testing (trixie) currently ships openjpeg2 2.5.0. Upstream released 2.5.2 on Februray 28th 2024, and they are considering doing a 2.5.3 release soon: https://groups.google.com/g/openjpeg/c/FKRHVlvWVDU/m/6A-SROGUAwAJ. While I am not aware of any release schedule and EOL policy for openjpeg2, I would say that the more recent release can be included in trixie, the better. And the easier would be to provide security updates to the users during the trixie life cycle. It is worth noting that upstream has already fixed these two (minor) security issues: https://security-tracker.debian.org/tracker/CVE-2019-6988 https://security-tracker.debian.org/tracker/CVE-2021-3575. If you need or want help packaging this more recent upstream version, please don't hesitate to speak up. Someone from the LTS team, may be interested in contributing (CC'ing debian-lts). Best regards, -- Santiago, for the LTS Team.
signature.asc
Description: PGP signature
