Re: wheezy update for libav

To: Hugo Lefeuvre <hle@debian.org>
Cc: Markus Koschany <apo@debian.org>, Debian LTS <debian-lts@lists.debian.org>, Diego Biurrun <diego@biurrun.de>
Subject: Re: wheezy update for libav
From: Moritz Muehlenhoff <jmm@inutil.org>
Date: Mon, 12 Sep 2016 13:12:48 +0200
Message-id: <[🔎] 20160912111248.GA11822@inutil.org>
In-reply-to: <[🔎] 20160912105232.kkyp7hqzsgxyo5n7@hle.local>
References: <[🔎] 20160911221806.yf4rpxu64llgfrzb@hle.local> <[🔎] CAK0Odpx9Zae1TyUSkrgAodTmg2JO+N7NgCZ3bhQh7Fdt118ktg@mail.gmail.com> <[🔎] a3794814-7931-64ea-8364-b1f326cffcc6@debian.org> <[🔎] 20160912105232.kkyp7hqzsgxyo5n7@hle.local>

On Mon, Sep 12, 2016 at 12:52:32PM +0200, Hugo Lefeuvre wrote:
> Hi,
> 
> > I'm counting 22 open CVEs for libav at the moment. Which of them do you
> > intend to address with your fixes? Do you mind working together with
> > Hugo Lefeuvre on some issues? I could imagine you both could pool your
> > resources together.
> 
> (24 if we count the two issues marked no-dsa by the security team)
> 
> Some CVE triage:
> 
> Upstream patch applies directly, or almost:

All of the issues marked <undetermined> don't have upstream fixes in the 
sense that libav fixed them, only fixes in ffmpeg git.

If you want to address them in oldstable/stable, you should get the libav developers 
to merge them first.

Cheers,
        Moritz

Reply to:

Follow-Ups:
- Re: wheezy update for libav
  - From: Hugo Lefeuvre <hle@debian.org>

References:
- wheezy update for libav
  - From: Hugo Lefeuvre <hle@debian.org>
- Re: wheezy update for libav
  - From: Bálint Réczey <balint@balintreczey.hu>
- Re: wheezy update for libav
  - From: Markus Koschany <apo@debian.org>
- Re: wheezy update for libav
  - From: Hugo Lefeuvre <hle@debian.org>

Prev by Date: Re: wheezy update for libav
Next by Date: Re: wheezy update for libav
Previous by thread: Re: wheezy update for libav
Next by thread: Re: wheezy update for libav
Index(es):
- Date
- Thread