John Ellson <[EMAIL PROTECTED]> (16/08/2007):
> A new release of graphviz is now available from:
>  http://www.graphviz.org/pub/graphviz/ARCHIVE/graphviz-2.14.1.tar.gz
>
> This is mostly a bugfix release, see ChangeLog for details.

Just to keep other people posted, I'll finally wait for 2.16, which is
due soon. See the changelog of 2.12-5 [1] if someone is wondering why
I've been so long between 2.12-4 and 2.12-5. Things aren't always
trivial.

 1. http://packages.debian.org/changelogs/pool/main/g/graphviz/current/changelog.html

Depending on the timing of the 2.16 release, I might upload
2.12-5~bpo40-1 to backports.org, so that stable users can get a version
newer than 2.8…

> It now will use libgd >= 2.0.34 if available on the build platform, or
> use gd-2.0.35 derived internal sources otherwise.  (gd-2.0.35 included
> security fixes.)

Thanks for outlining this. I discovered when reporting security issues
(embedded code copies) in ardour that graphviz is listed on [2].

 2. http://svn.debian.org/wsvn/secure-testing/data/embedded-code-copies?op=file

I'll ensure that the Right Thing is done (i.e. ensuring that an
appropriate version is available during the build, and not using
the embedded copy). That'll help the Security Team keep track of
possible issues in libgd.

Cheers,

-- 
Cyril Brulebois
