[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Security support for libav in Debian Wheezy


On 26.07.2016 18:51, Diego Biurrun wrote:
> Sorry, I'm afraid I maintained too much radio silence..

Yes, that happens. You don't need to wait until you have fixed all open
libav issues because LTS users will also benefit from a intermediate
release of your fixes. I believe we should work towards a release in the
near future now.

> On 2016-07-23 19:08, Markus Koschany wrote:
>> I am contacting you on behalf of the Debian LTS team. Two months ago you
>> voiced your interest in helping us to fix open security issues in libav.
>> https://security-tracker.debian.org/tracker/source-package/libav
>> Can you tell us more about the latest developments? If you have any
>> questions regarding Debian LTS work, please send them to the debian-lts
>> list and I will try to answer them in a timely manner.
> I got sidetracked by other work and by trying to get access to the
> Google ClusterFuzz samples[1].  I have access to a bunch of them now,
> but not the whole lot and it turns out that I don't necessarily need
> them in each and every case to port fixes.  So yeah, that was a bit of a
> wild goose chase :-/
> In any case I have the first set of three patches[2] queued up for
> pushing to the 0.8 branch. I've sent them to the libav-devel mailing
> list to give other devs a chance to react. I expect nobody to care about
> stale branches, however. Thus the ETA for the patches to hit the 0.8
> branch is tomorrow evening CET or the next morning at the latest.
> I hope and expect to churn out a steady trickle of 1-3 backports per
> week going forward while not on vacation now that I have all the pieces
> for working with those old branches back in place.

I think it would be best if you pushed your current work to a public git
repository, so that we can help you to test the update and work on a



Attachment: signature.asc
Description: OpenPGP digital signature

Reply to: