On Fri, May 19, 2017 at 01:06:08PM +0200, Adam Cecile wrote: > Control:retitle -1 RFS: jasper/2.0.13+dfsg-1 -- JasPer JPEG-2000 runtime > library > > Hi, > > I finished the updated package and reviewed all the CVEs patches that were > included. > Everything is documented in the changelog and there's only one patch not > merged yet but I pull-requested it on GitHub. > > I guess it's sadly way too late to get it back for Stretch, but anyway, that > would be great to have it in unstable.
This is not a one-off upload, jasper causes a significant security maintenance overhead. Please only sponsor/upload that if you're also fully available to adress stable-security. If you're proceeding with this in unstable, then I also expect you to deal with src:jasper in jessie from this point forward. We should rather stick with one implementation, namely openjpeg2. Why don't you port opencv instead? Cheers, Moritz