
Re: Security support for libav in Debian Wheezy



On 2016-08-17 21:04, Markus Koschany wrote:
On 26.07.2016 18:51, Diego Biurrun wrote:
Sorry, I'm afraid I maintained too much radio silence..

Yes, that happens. You don't need to wait until you have fixed all open
libav issues because LTS users will also benefit from an intermediate
release of your fixes. I believe we should work towards a release in the
near future now.

I agree. I'll roll some libav releases once a few more fixes have queued up.

On 2016-07-23 19:08, Markus Koschany wrote:
I am contacting you on behalf of the Debian LTS team. Two months ago you
voiced your interest in helping us to fix open security issues in libav.

https://security-tracker.debian.org/tracker/source-package/libav

Can you tell us more about the latest developments? If you have any
questions regarding Debian LTS work, please send them to the debian-lts
list and I will try to answer them in a timely manner.

I got sidetracked by other work and by trying to get access to the
Google ClusterFuzz samples[1].  I have access to a bunch of them now,
but not the whole lot and it turns out that I don't necessarily need
them in each and every case to port fixes.  So yeah, that was a bit of a
wild goose chase :-/

In any case I have the first set of three patches[2] queued up for
pushing to the 0.8 branch. I've sent them to the libav-devel mailing
list to give other devs a chance to react. I expect nobody to care about
stale branches, however. Thus the ETA for the patches to hit the 0.8
branch is tomorrow evening CET or the next morning at the latest.

I hope and expect to churn out a steady trickle of 1-3 backports per
week going forward while not on vacation now that I have all the pieces
for working with those old branches back in place.

I think it would be best if you pushed your current work to a public git
repository, so that we can help you to test the update and work on a
release.

I already pushed all the fixes I sent to the libav release branches. You can pull from there.

I've been on holiday since last week, will be back on Tuesday. I'll bump backporting fixes up the priority queue next week.

Diego

