Pierre Langlois writes:

> Hi Brendan,
>
> Brendan Tildesley writes:
>
>> I should apologise. I also prepared this same patch to submit over a
>> year or two ago but ended up neglecting it. I also discovered these two
>> CVE patches (attached)  from another distribution that i was going to
>> add. Perhaps the best solution is to switch to git-reference and choose
>> a more recent commit that includes all these fixes. Your patch is in
>> master at
>> https://github.com/taglib/taglib/commit/9336c82da3a04552168f208cd7a5fa4646701ea4
>> and the two I attached are also in master.
>
> No worries! Yeah I think it's a good to just use a git-reference in this
> case, I'll try that and submit another patch, thanks for the suggestion!

I wasn't so sure which recent commit to use, but then I saw there was a
1.12-beta-1 pre-release from September 2019 so I thought we'd use that.
Looking at some discussions upstream [0], it might still be a while
until we get a proper release though :-/

0: https://github.com/taglib/taglib/issues/864#issuecomment-631874581