Retiring package: ocaml-camlimages
Richard W.M. Jones
rjones at redhat.com
Fri Oct 16 15:47:24 UTC 2009
Just a note to say that I'm going to retire the package
ocaml-camlimages and ask it to be removed from Fedora.
Reasons:
(a) Series of security problems have arisen with the C code
for loading images[1].
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2295
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2660
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3296
(b) Upstream totally unresponsive, despite repeated appeals.
(c) Nothing else in Fedora requires it.
(d) There are alternate ways to do image processing.
Rich.
[1] We fixed one today, then discovered another one which is
still not fixed.
--
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming blog: http://rwmj.wordpress.com
Fedora now supports 79 OCaml packages (the OPEN alternative to F#)
http://cocan.org/getting_started_with_ocaml_on_red_hat_and_fedora