Re: Security support for libav in Debian Wheezy
Sorry, I'm afraid I maintained too much radio silence..
On 2016-07-23 19:08, Markus Koschany wrote:
I am contacting you on behalf of the Debian LTS team. Two months ago you
voiced your interest in helping us to fix open security issues in libav.
Can you tell us more about the latest developments? If you have any
questions regarding Debian LTS work, please send them to the debian-lts
list and I will try to answer them in a timely manner.
I got sidetracked by other work and by trying to get access to the
Google ClusterFuzz samples. I have access to a bunch of them now,
but not the whole lot and it turns out that I don't necessarily need
them in each and every case to port fixes. So yeah, that was a bit of a
wild goose chase :-/
In any case I have the first set of three patches queued up for
pushing to the 0.8 branch. I've sent them to the libav-devel mailing
list to give other devs a chance to react. I expect nobody to care about
stale branches, however. Thus the ETA for the patches to hit the 0.8
branch is tomorrow evening CET or the next morning at the latest.
I hope and expect to churn out a steady trickle of 1-3 backports per
week going forward while not on vacation now that I have all the pieces
for working with those old branches back in place.
best regards, Diego
 Things with names like
that go along references to Mateusz "j00ru" Jurczyk and Gynvael Coldwind.
 One backport from the Debian package, CVE-2015-1872, CVE-2015-5479.