On Thu, Apr 04, 2024 at 03:47 AM, John Kehayias wrote:
> On Thu, Apr 04, 2024 at 02:50 AM, John Kehayias wrote:
>
>> Hello,
>>
>> On Thu, Apr 04, 2024 at 01:07 AM, Vinicius Monego wrote:
>>
>>> OpenEXR suffers from these vulnerabilities which were fixed in version
>>> 3.2.2 [1] and 3.1.4 [2], resp
On Thu, Apr 04, 2024 at 02:50 AM, John Kehayias wrote:
> Hello,
>
> On Thu, Apr 04, 2024 at 01:07 AM, Vinicius Monego wrote:
>
>> OpenEXR suffers from these vulnerabilities which were fixed in version
>> 3.2.2 [1] and 3.1.4 [2], respectively, while our version is currently
>> 3.1.3.
>>
>> The pack
Hello,
On Thu, Apr 04, 2024 at 01:07 AM, Vinicius Monego wrote:
> OpenEXR suffers from these vulnerabilities which were fixed in version
> 3.2.2 [1] and 3.1.4 [2], respectively, while our version is currently
> 3.1.3.
>
> The package contains 448 dependents, and a change in derivation
> shouldn't
OpenEXR suffers from these vulnerabilities which were fixed in version
3.2.2 [1] and 3.1.4 [2], respectively, while our version is currently 3.1.3.
The package contains 448 dependents, and a change in derivation
shouldn't be pushed to master, at least according to the patch
submission guidelin