On Mon, Sep 12, 2016 at 12:52:32PM +0200, Hugo Lefeuvre wrote: > > I'm counting 22 open CVEs for libav at the moment. Which of them do you > > intend to address with your fixes? Do you mind working together with > > Hugo Lefeuvre on some issues? I could imagine you both could pool your > > resources together. > > (24 if we count the two issues marked no-dsa by the security team) > > Some CVE triage: > > Upstream patch applies directly, or almost: > CVE-2015-5479 > > Upstream patch needs some (heavy) adaptations: > CVE-2015-1872 I have already pushed fixes for these two CVEs to the 0.8 branch in July. I think I notified you, not sure if you put out a new Debian release that includes the fixes. Diego
Attachment:
signature.asc
Description: Digital signature