Markus Koschany wrote: > Just to be clear a new upstream libav doesn't need to coincide with a > Debian security update. It wouldn't do any harm though. Important is > that we only fix security related issues and leave possible features out > that are not strictly needed to fix the CVEs. This is not how libav security updates are handled in Debian; we've always shipped the 0.8.x and 11.x bugfix releases in -security. Cheers, Moritz