[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: wheezy update for libav

On 12.09.2016 00:46, Bálint Réczey wrote:
> Hi Hugo,
> 2016-09-12 0:18 GMT+02:00 Hugo Lefeuvre <hle@debian.org>:
>> Hi,
>> I'd like to prepare an LTS upload for libav[0]. The upstream patch for
>> CVE-2016-7393 is very simple and could be grouped with patches from older
>> analogous CVEs like CVE-2015-8662 in a broad LTS upload.
>> Does anybody think it's a bad idea ? These CVEs are minor security
>> issues, so we could also mark them as no-dsa.
> Libav is special because we agreed to work with Diego Biurrun and Markus
> is his LTS connection:
> https://lists.debian.org/debian-lts/2016/08/msg00160.html
> I would wait for Markus' answer before preparing the update.


I agree that we should prepare an LTS upload for libav in the near
future now.

Diego, could you brief us on the status of your work in progress please?

I'm counting 22 open CVEs for libav at the moment. Which of them do you
intend to address with your fixes? Do you mind working together with
Hugo Lefeuvre on some issues? I could imagine you both could pool your
resources together.



Attachment: signature.asc
Description: OpenPGP digital signature

Reply to: