[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: wheezy update for libav

On Mon, Sep 12, 2016 at 12:52:32PM +0200, Hugo Lefeuvre wrote:
> > I'm counting 22 open CVEs for libav at the moment. Which of them do you
> > intend to address with your fixes? Do you mind working together with
> > Hugo Lefeuvre on some issues? I could imagine you both could pool your
> > resources together.
> (24 if we count the two issues marked no-dsa by the security team)
> Some CVE triage:
> Upstream patch applies directly, or almost:
>  CVE-2015-5479
> Upstream patch needs some (heavy) adaptations:
>  CVE-2015-1872 

I have already pushed fixes for these two CVEs to the 0.8 branch in
July.  I think I notified you, not sure if you put out a new Debian
release that includes the fixes.


Attachment: signature.asc
Description: Digital signature

Reply to: