Richard W.M. Jones wrote:
We've found a bug in libjpeg (mingw32-libjpeg, a package for the
Windows cross-compiler). It's actually a segfault, so is possibly a
security issue:
https://bugzilla.redhat.com/show_bug.cgi?id=497492
Anyhow, the patch needs to go upstream. Am I right in thinking that
libjpeg doesn't have an active upstream? (latest version, the one
which everyone uses, was released 11 years ago) Is there any project
to resurrect libjpeg?
Rich.
Yes and no. The Sourceforge project is the official upstream, but
development there is in a funny state. The current maintainer has
essentially abandoned version 6 and is working on version 7, but isn't
committing to CVS or published more than a beta, and nothing advertises
any of this on Sourceforge or anywhere else. I made an attempt to
reignite things and get a maintenance release of version 6 out, with
various patches that most distros carry or want included, such as the
crop patch, but haven't gotten very far. Please bring this up on the
mailing list associated with the libjpeg sourceforge project and we'll
see where we can go with it. I'm not sure if Guido has addressed your
issue in version 7, but if it's got security ramifications, we need to
get it out there. Adam Tkac also expressed interest in contributing
some patches, so he's also someone we'll want to involve.
Jon
--
in your fear, speak only peace
in your fear, seek only love
-d. bowie
--
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list
