On 2016-07-23 19:08, Markus Koschany wrote:
I am contacting you on behalf of the Debian LTS team. Two months ago you
voiced your interest in helping us to fix open security issues in libav.
https://security-tracker.debian.org/tracker/source-package/libav
Can you tell us more about the latest developments? If you have any
questions regarding Debian LTS work, please send them to the debian-lts
list and I will try to answer them in a timely manner.
I got sidetracked by other work and by trying to get access to the
Google ClusterFuzz samples[1]. I have access to a bunch of them now,
but not the whole lot and it turns out that I don't necessarily need
them in each and every case to port fixes. So yeah, that was a bit of a
wild goose chase :-/
In any case I have the first set of three patches[2] queued up for
pushing to the 0.8 branch. I've sent them to the libav-devel mailing
list to give other devs a chance to react. I expect nobody to care about
stale branches, however. Thus the ETA for the patches to hit the 0.8
branch is tomorrow evening CET or the next morning at the latest.
I hope and expect to churn out a steady trickle of 1-3 backports per
week going forward while not on vacation now that I have all the pieces
for working with those old branches back in place.