Hi Diego, > > Thanks for your work. I'll have a look at it and upload tomorrow. > > Nice. Uploaded. > > Concerning the old CVEs (CVE-2015-6820, etc.), we could maybe ask the > > ffmpeg project for the reproducers ? Not sure they will still have them, > > but it doesn't hurt to try. > > I'll try to get in contact with the Google people in order to receive direct > access. Doing this through multiple levels of indirection is quite annoying. Good idea, thanks. > I just noticed that you are listing CVE-2015-5479 and CVE-2015-1872 as still > open for 0.8 on > > https://security-tracker.debian.org/tracker/CVE-2015-5479 > https://security-tracker.debian.org/tracker/CVE-2015-1872 > > We fixed this a long time ago with release 0.8.18, you can mark these as > fixed for wheezy and close the CVE entries. Actually, these CVEs are already marked as fixed, but the fix is 'only present' in wheezy-security (have a look at the global overview[0], they are in the "resolved issues" section). Cheers, Hugo [0] https://security-tracker.debian.org/tracker/source-package/libav -- Hugo Lefeuvre (hle) | www.owl.eu.com 4096/ ACB7 B67F 197F 9B32 1533 431C AC90 AC3E C524 065E
Attachment:
signature.asc
Description: PGP signature