Bug#827397: RFS: vlc/2.0.3-5+deb7u3
- To: Gianfranco Costamagna <locutusofborg@debian.org>
- Cc: 827397@bugs.debian.org
- Subject: Bug#827397: RFS: vlc/2.0.3-5+deb7u3
- From: Raphael Hertzog <hertzog@debian.org>
- Date: Sat, 1 Oct 2016 08:46:02 +0200
- Message-id: <[🔎] 20161001064602.qvhiycn4cusdofjo@home.ouaza.com>
- Reply-to: Raphael Hertzog <hertzog@debian.org>, 827397@bugs.debian.org
- In-reply-to: <74ec7475-4ec6-49f8-dcd4-6e670d3f10d3@debian.org>
- References: <182c7489-c5cc-aba6-312d-0dc275ec09a0@linuxmint.pl> <20160616063900.GB6580@angband.pl> <633483763.6824712.1466060029956.JavaMail.yahoo@mail.yahoo.com> <20160616071247.GD6580@angband.pl> <20160910125738.fslmvx6uu7lg7kxs@chase.mapreri.org> <7ee160f2-9f40-7558-84b0-94334853a970@linuxmint.pl> <20160911195336.tf4n7g7ed3eucgcr@chase.mapreri.org> <20160911195336.tf4n7g7ed3eucgcr@chase.mapreri.org> <74ec7475-4ec6-49f8-dcd4-6e670d3f10d3@debian.org>
Hi,
On Fri, 30 Sep 2016, Gianfranco Costamagna wrote:
> > The real question is: is this upload ACKed by the LTS team? I don't
> > have a hold on LTS workflow, and in my thoughts I believe uploads have
> > to be ACKed, pretty much like regular security uploads, and stable
> > uploads?
>
> can we please have an ack/nack about this VLC security update?
Everything relevant was already said: vlc is unsupported so we basically
don't care.
That said any upload should come with its DLA announce mail and there you
should explain that this is a one-off contribution on an otherwise
unsupported package and that it doesn't mean that the package is
supported.
There are two other unfixed CVE so the package remains vulnerable in
general:
https://security-tracker.debian.org/tracker/source-package/vlc
Cheers,
--
Raphaël Hertzog ◈ Debian Developer
Support Debian LTS: http://www.freexian.com/services/debian-lts.html
Learn to master Debian: http://debian-handbook.info/get/
Reply to: