This is the mail archive of the cygwin-apps mailing list for the Cygwin project.
Index Nav: | [Date Index] [Subject Index] [Author Index] [Thread Index] | |
---|---|---|
Message Nav: | [Date Prev] [Date Next] | [Thread Prev] [Thread Next] |
Other format: | [Raw text] |
On 2017-03-24 14:02, Yaakov Selkowitz wrote:
On 2017-02-22 13:53, Yaakov Selkowitz wrote:No, the details are in the .spec file. In short, you want 1.900.13 plus the jasper-1.900.1-CVE-2008-3520.patch and jasper-1.900.13-CVE-2016-9583.patch patches.There are now additionally jasper-1.900.13-CVE-2016-9262.patch and jasper-1.900.13-CVE-2016-8654.patch.Once that's uploaded, then let's proceed with an upgrade to 2.0.10, which already has all the fixes along with the ABI version change.That's 2.0.12 now.
Unfortunately, some of my packages ended up being built against the later libjasper1, so it's too late to revert this cleanly. Therefore, I have left it alone, uploaded 2.0.12, and rebuilt all my dependent packages.
Marco, that leaves your gdal and GraphicsMagick as the only packages still using libjasper1.
-- Yaakov
Index Nav: | [Date Index] [Subject Index] [Author Index] [Thread Index] | |
---|---|---|
Message Nav: | [Date Prev] [Date Next] | [Thread Prev] [Thread Next] |