On Fr, 2015-08-21 at 09:19 +0200, Michael Biebl wrote: > Hi Moritz! > > Am 21.08.2015 um 00:29 schrieb Moritz Muehlenhoff: > > Source: gdk-pixbuf > > Severity: important > > > > Hi, > > please disable jasper support in gdk-pixbuf. It's an abandoned > > code base with frequent security issues and JPEG2000 is an > > exotic fringe format unused in practice. > > > > We can keep it in the archive for scientific software etc, but > > let's not expose via gdk-pixbuf to exposed applications like > > Iceweasel. > > Jasper support was enabled in 2.21.6-1 back in 2010. > I didn't find any further explanation in debian/changelog why it was > enabled. > > slomo, do you remember the details?
It was enabled to get JPEG2000 support. Considering the state of jasper, I think it's a good idea to disable it at this point... and if JPEG2000 support is needed by someone, creating a gdk-pixbuf backend around openjpeg might be a better idea.
signature.asc
Description: This is a digitally signed message part
