Bug#684244: tiff code embedded in opencv and possibly may be out of date and vulnerable
Nobuhiro Iwamatsu
iwamatsu at nigauri.org
Tue Oct 9 00:04:39 UTC 2012
Hi,
> Package: opencv
> Severity: important
> Tags: security
>
> I have been working on a tool called Clonewise to automatically identify
> embedded code copies in Debian packages and determine if they are out of
> date and vulnerable. Ideally, embedding code and libraries should be
> avoided and a system wide library should be used instead.
As you say, opencv contains TIFF source code.
But Debian's opencv binary does not compile with contained sourse code.
This was compled with TIFF library of distributed by Debian.
Best regards,
Nobuhiro
--
Nobuhiro Iwamatsu
iwamatsu at {nigauri.org / debian.org}
GPG ID: 40AD1FA6
More information about the debian-science-maintainers
mailing list