Hopefully I collected all the right CCs, if just Debian LTS is enough please tell me, sorry for duplicate emails.. On Mon, Sep 12, 2016 at 10:22:29AM +0200, Markus Koschany wrote: > On 12.09.2016 00:46, Bálint Réczey wrote: > > 2016-09-12 0:18 GMT+02:00 Hugo Lefeuvre <hle@debian.org>: > >> I'd like to prepare an LTS upload for libav[0]. The upstream patch for > >> CVE-2016-7393 is very simple and could be grouped with patches from older > >> analogous CVEs like CVE-2015-8662 in a broad LTS upload. > >> > >> Does anybody think it's a bad idea ? These CVEs are minor security > >> issues, so we could also mark them as no-dsa. > > > > Libav is special because we agreed to work with Diego Biurrun and Markus > > is his LTS connection: > > https://lists.debian.org/debian-lts/2016/08/msg00160.html > > > > I would wait for Markus' answer before preparing the update. > > I agree that we should prepare an LTS upload for libav in the near > future now. > > Diego, could you brief us on the status of your work in progress please? I'm dreadfully overworked still and not making as much progress as I hoped so far. This morning I pushed a fix for CVE-2016-7393 to the libav 0.8 branch. You can cross that one off your list. I'm looking at the list of issues as I write this; more fixes should be incoming. > I'm counting 22 open CVEs for libav at the moment. Which of them do you > intend to address with your fixes? Do you mind working together with > Hugo Lefeuvre on some issues? I could imagine you both could pool your > resources together. Sure. Diego
Attachment:
signature.asc
Description: Digital signature