Hi Diego,
> > Thanks for your work. I'll have a look at it and upload tomorrow.
>
> Nice.
Uploaded.
> > Concerning the old CVEs (CVE-2015-6820, etc.), we could maybe ask the
> > ffmpeg project for the reproducers ? Not sure they will still have them,
> > but it doesn't hurt to try.
>
> I'll try to get in contact with the Google people in order to receive direct
> access. Doing this through multiple levels of indirection is quite annoying.
Good idea, thanks.
> I just noticed that you are listing CVE-2015-5479 and CVE-2015-1872 as still
> open for 0.8 on
>
> https://security-tracker.debian.org/tracker/CVE-2015-5479
> https://security-tracker.debian.org/tracker/CVE-2015-1872
>
> We fixed this a long time ago with release 0.8.18, you can mark these as
> fixed for wheezy and close the CVE entries.
Actually, these CVEs are already marked as fixed, but the fix is 'only present'
in wheezy-security (have a look at the global overview[0], they are in the
"resolved issues" section).
Cheers,
Hugo
[0] https://security-tracker.debian.org/tracker/source-package/libav
--
Hugo Lefeuvre (hle) | www.owl.eu.com
4096/ ACB7 B67F 197F 9B32 1533 431C AC90 AC3E C524 065E
Attachment:
signature.asc
Description: PGP signature