[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: wheezy update for libav

On Wed, Jan 11, 2017 at 09:14:52PM +0100, Hugo Lefeuvre wrote:
> > > I've had a look at the new CVEs reported for libav. I managed to
> > > reproduce CVE-2016-98{21,22} (avconv crashes with segfault), but
> > > cherry picking the fix[0,1,2] for these issues doesn't seem to fix
> > > the problem.
> > 
> > It would help me to know which problem is CVE 21 and which is 22 so
> > that I can mark the fixing commits correctly in Git.
> See https://marc.info/?l=oss-security&m=148090747301705&w=2
> By the way, what about the patches I submitted here[0] ?
> [0] https://lists.debian.org/debian-lts/2016/12/msg00058.html

Unfortunately it is hard or impossible to evaluate those patches since
they have been created for/with secret samples...


Attachment: signature.asc
Description: Digital signature

Reply to: