Markus Koschany wrote:
> Just to be clear a new upstream libav doesn't need to coincide with a
> Debian security update. It wouldn't do any harm though. Important is
> that we only fix security related issues and leave possible features out
> that are not strictly needed to fix the CVEs.
This is not how libav security updates are handled in Debian; we've
always shipped the 0.8.x and 11.x bugfix releases in -security.
Cheers,
Moritz