I'm a bit lost how to handle upstreams that actively say they don't want to fix security issues - here exiv2 http://www.openwall.com/lists/oss-security/2017/06/30/1 …
Contacting downstream consumers of the library that might care has worked for me in the past.
That's GNOME and KDE, they're informed. Also, Linux distros should read oss-sec, so... let's see
One example of where I did this: https://scarybeastsecurity.blogspot.com/2009/09/patching-ffmpeg-into-shape.html …