[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: wheezy update for libav



Hi Diego,

> > Thanks for your work. I'll have a look at it and upload tomorrow.
> 
> Nice.

Uploaded.

> > Concerning the old CVEs (CVE-2015-6820, etc.), we could maybe ask the
> > ffmpeg project for the reproducers ? Not sure they will still have them,
> > but it doesn't hurt to try.
> 
> I'll try to get in contact with the Google people in order to receive direct
> access. Doing this through multiple levels of indirection is quite annoying.

Good idea, thanks.

> I just noticed that you are listing CVE-2015-5479 and CVE-2015-1872 as still
> open for 0.8 on
> 
> https://security-tracker.debian.org/tracker/CVE-2015-5479
> https://security-tracker.debian.org/tracker/CVE-2015-1872
> 
> We fixed this a long time ago with release 0.8.18, you can mark these as
> fixed for wheezy and close the CVE entries.

Actually, these CVEs are already marked as fixed, but the fix is 'only present'
in wheezy-security (have a look at the global overview[0], they are in the
"resolved issues" section).

Cheers,
 Hugo

[0] https://security-tracker.debian.org/tracker/source-package/libav

-- 
             Hugo Lefeuvre (hle)    |    www.owl.eu.com
4096/ ACB7 B67F 197F 9B32 1533 431C AC90 AC3E C524 065E

Attachment: signature.asc
Description: PGP signature


Reply to: