On 03.06.2014 23:20, Toshio Kuratomi wrote:
https://apps.fedoraproject.org/packages/lcms/bugs/all lists a CVE. If lcms-11 is no longer going to be maintained in Fedora that (and any other) security flaws won't be addressed. It's therefore advisable for them to update to the new version of lcms if feasible. The affected packager would likely want to take ownership of lcms-1 and patch the security issues.
-Toshio
If it is a matter of patching security issues for the remaining lifetime of F19 and F20, I don't mind doing so if no-one of the current maintainers will.
Sandro