The remaining CVE's have recently been fixed (or will be once the last MR lands) in the library's repo. Also, importantly, the one CVE fix that Ubuntu did ship last year broke the library's normal operation, making it less than useful for decoding
Resubscribing ubuntu-security-sponsors since while these aren't debdiffs, it would be good to get the package updated to address the remaining CVEs and restore functionality.
The remaining CVE's have recently been fixed (or will be once the last MR lands) in the library's repo. Also, importantly, the one CVE fix that Ubuntu did ship last year broke the library's normal operation, making it less than useful for decoding
Resubscribing ubuntu- security- sponsors since while these aren't debdiffs, it would be good to get the package updated to address the remaining CVEs and restore functionality.