debcrafters-packages team mailing list archive
-
debcrafters-packages team
-
Mailing list archive
-
Message #06768
[Bug 2122289] [NEW] [FFE] switch gdk-pixbuf loaders to wrap glycin
Public bug reported:
The latest version of gdk-pixbuf introduces the option to drop the
built-in image parsers (cause for many CVEs in the past) in favour of
delegating the image parsing to glycin
(https://launchpad.net/ubuntu/+source/glycin). In this case gdk-pixbuf
acts as an API layer wrapping libglycin: applications will keep using
the same API/ABIs and automatically benefit from the security advances
of glycin.
We would like to adopt this change for the security benefits.
The i386 build of gdk-pixbuf will be excluded by this change, because Ubuntu does not build glycin for i386.
The switch should be transparent to the vast majority of applications.
There is one known incompatibility, which is that glycin does not support the XPM image format which is used by some old software: https://gitlab.gnome.org/GNOME/glycin/-/issues/192
** Affects: gdk-pixbuf (Ubuntu)
Importance: Undecided
Status: New
** Description changed:
The latest version of gdk-pixbuf introduces the option to drop the
built-in image parsers (cause for many CVEs in the past) in favour of
delegating the image parsing to glycin
(https://launchpad.net/ubuntu/+source/glycin). In this case gdk-pixbuf
acts as an API layer wrapping libglycin: applications will keep using
the same API/ABIs and automatically benefit from the security advances
of glycin.
- The i386 build of gdk-pixbuf will be excluded by these changes, because
- Ubuntu does not build glycin for i386.
+ We would like to adopt this change for the security benefits.
+ The i386 build of gdk-pixbuf will be excluded by this change, because Ubuntu does not build glycin for i386.
The switch should be transparent to the vast majority of applications.
There is one known incompatibility, which is that glycin does not support the XPM image format which is used by some old software: https://gitlab.gnome.org/GNOME/glycin/-/issues/192
--
You received this bug notification because you are a member of
Debcrafters packages, which is subscribed to gdk-pixbuf in Ubuntu.
https://bugs.launchpad.net/bugs/2122289
Title:
[FFE] switch gdk-pixbuf loaders to wrap glycin
Status in gdk-pixbuf package in Ubuntu:
New
Bug description:
The latest version of gdk-pixbuf introduces the option to drop the
built-in image parsers (cause for many CVEs in the past) in favour of
delegating the image parsing to glycin
(https://launchpad.net/ubuntu/+source/glycin). In this case gdk-pixbuf
acts as an API layer wrapping libglycin: applications will keep using
the same API/ABIs and automatically benefit from the security advances
of glycin.
We would like to adopt this change for the security benefits.
The i386 build of gdk-pixbuf will be excluded by this change, because Ubuntu does not build glycin for i386.
The switch should be transparent to the vast majority of applications.
There is one known incompatibility, which is that glycin does not support the XPM image format which is used by some old software: https://gitlab.gnome.org/GNOME/glycin/-/issues/192
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/gdk-pixbuf/+bug/2122289/+subscriptions
