On 12.09.2016 00:46, Bálint Réczey wrote: > Hi Hugo, > > 2016-09-12 0:18 GMT+02:00 Hugo Lefeuvre <hle@debian.org>: >> Hi, >> >> I'd like to prepare an LTS upload for libav[0]. The upstream patch for >> CVE-2016-7393 is very simple and could be grouped with patches from older >> analogous CVEs like CVE-2015-8662 in a broad LTS upload. >> >> Does anybody think it's a bad idea ? These CVEs are minor security >> issues, so we could also mark them as no-dsa. > > Libav is special because we agreed to work with Diego Biurrun and Markus > is his LTS connection: > https://lists.debian.org/debian-lts/2016/08/msg00160.html > > I would wait for Markus' answer before preparing the update. Hi, I agree that we should prepare an LTS upload for libav in the near future now. Diego, could you brief us on the status of your work in progress please? I'm counting 22 open CVEs for libav at the moment. Which of them do you intend to address with your fixes? Do you mind working together with Hugo Lefeuvre on some issues? I could imagine you both could pool your resources together. Regards, Markus
Attachment:
signature.asc
Description: OpenPGP digital signature