Re: wheezy update for libav
On Mon, Sep 12, 2016 at 12:52:32PM +0200, Hugo Lefeuvre wrote:
> Hi,
>
> > I'm counting 22 open CVEs for libav at the moment. Which of them do you
> > intend to address with your fixes? Do you mind working together with
> > Hugo Lefeuvre on some issues? I could imagine you both could pool your
> > resources together.
>
> (24 if we count the two issues marked no-dsa by the security team)
>
> Some CVE triage:
>
> Upstream patch applies directly, or almost:
All of the issues marked <undetermined> don't have upstream fixes in the
sense that libav fixed them, only fixes in ffmpeg git.
If you want to address them in oldstable/stable, you should get the libav developers
to merge them first.
Cheers,
Moritz
Reply to: