Source: libopenraw Version: 0.1.2-0.2 Severity: wishlist X-Debbugs-Cc: tumb...@packages.debian.org Control: affects -1 + tumbler-plugins-extra
While investigating whether libopenraw's dependency on GTK 2 can be removed (which it can, see #967585), I noticed that the version of libopenraw in Debian is from 2018 and there have been 12 new upstream releases since then. With this being file parsing code, I'm concerned that this might mean unfixed security issues (although I don't see any obvious security fixes in the upstream NEWS). tumbler-plugins-extra seems to be the only package in Debian that makes use of libopenraw (gegl also has a Build-Depends on it, but it seems to be unused there) so the maintainers of tumbler might be interested in salvaging libopenraw to have a high-quality version to depend on if its current Debian maintainer is no longer active? smcv