[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#827397: RFS: vlc/2.0.3-5+deb7u3

On Wed, Jun 15, 2016 at 08:03:28PM +0200, Mateusz Łukasik wrote:
> I am looking for a sponsor for my package "vlc"
>  * Package name    : vlc
>    Version         : 2.0.3-5+deb7u3
> https://mentors.debian.net/debian/pool/main/v/vlc/vlc_2.0.3-5+deb7u3.dsc
>   Changes since the last upload:
>   Fix CVE-2016-5108. (Closes: #825728)

I've reviewed the upload, but I'm not sure if you coordinated it
with the LTS team.  I find a contradition:
says vlc is no longer supported in wheezy, yet in
the quoted mail sounds as if the upload is expected.

Should I proceed?

As I haven't ever made a security upload before, mine nor sponsored, let me
recap: I make a source-only upload targetted at wheezy-security to
security-master, right?

Tested on amd64, the patch indeed fixes the exploit posted in the CVE.

An imaginary friend squared is a real enemy.

Reply to: