[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: squeeze update of libvpx?

On Thu, 2015-08-20 at 10:09 +0300, Sebastian Dröge wrote:
> Hi,
> On Mi, 2015-08-19 at 23:29 +0200, ben@decadent.org.uk wrote:
> > Hello dear maintainer(s),
> > 
> > the Debian LTS team would like to fix the security issues which are
> > currently open in the Squeeze version of libvpx:
> > https://security-tracker.debian.org/tracker/CVE-2015-4485
> > https://security-tracker.debian.org/tracker/CVE-2015-4486
> > 
> > Would you like to take care of this yourself? We are still 
> > understaffed so any help is always highly appreciated.
> I would update the package, but unfortunately I don't know what changes
> are fixing these CVEs and there's not much information publically
> available.

Yes, I realised that when trying to work out whether squeeze is

> The only thing I know is that it's fixed by 1.4.0, but I
> assume you don't want to update to that as it includes lots of changes.

No I don't think so.


Ben Hutchings
The generation of random numbers is too important to be left to chance.
                                                            - Robert Coveyou

Attachment: signature.asc
Description: This is a digitally signed message part

Reply to: