Marius Bakke writes: > Alex Vong writes: > >> Hi, >> >> This patch update lcms to 2.8: > > Thank you for this! > Thanks for the review too! >> Besides, the security bug in which 'lcms-fix-out-of-bounds-read.patch' >> fixed has been assigned CVE-2016-10165 according to [0], should we >> change the name of the patch? >> >> [0]: https://bugzilla.redhat.com/show_bug.cgi?id=1367357 > > Good catch. Would you like to do it? > > Could you submit this patch against the 'core-updates' branch? LCMS > causes ~1800 rebuilds which is too much for 'master'. The CVE patch has > also been 'un-grafted' in core-updates, so the context will be slightly > different. TIA! Sure, the patches are here: