[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Wheezy update for libass ?


On 2016-10-12 00:13:30, Markus Koschany wrote:
> On 09.10.2016 23:36, Hugo Lefeuvre wrote:
> > Hello dear maintainer(s),
> > 
> > the Debian LTS team would like to fix the security issues which are
> > currently open in the Wheezy version of libass:
> > https://security-tracker.debian.org/tracker/source-package/libass
> > 
> > Would you like to take care of this yourself?
> [...]
> Hello,
> I have prepared a security update for libass in Wheezy but I think the
> patches can be reused for Jessie as well. I have also marked
> CVE-2016-7970 as fixed in Wheezy and it looks to me this also applies to
> Jessie. I'd be glad if you could take a look at the debdiff (attached)
> and tell me what you think about CVE-2016-7970 and CVE-2016-7971 which
> appears to be unfixed, even disputed upstream.

I have not had the time to look at the CVEs in jessie yet, so I cannot say
anothing regarding the patches for jessie and less so for wheezy.

Sebastian Ramacher

Attachment: signature.asc
Description: PGP signature

Reply to: