Re: Wheezy update of vorbis-tools for CVE-2015-6749

To: Petter Reinholdtsen <pere@hungry.com>
Cc: debian-lts@lists.debian.org, pkg-xiph-maint@lists.alioth.debian.org
Subject: Re: Wheezy update of vorbis-tools for CVE-2015-6749
From: Thorsten Alteholz <debian@alteholz.de>
Date: Sun, 2 Jul 2017 20:02:46 +0200 (CEST)
Message-id: <[🔎] alpine.DEB.2.02.1707021954420.28253@jupiter.server.alteholz.net>
In-reply-to: <[🔎] 2flwp7rclde.fsf@diskless.uio.no>
References: <[🔎] 2flwp7rclde.fsf@diskless.uio.no>

Hi Petter,

On Sun, 2 Jul 2017, Petter Reinholdtsen wrote:

Should this update be announced on the announcement list?  Does it need
a DLA?  The security team tagged it no-dsa.  I can build, test and
upload, but am unsure abount the announcing part.

yes, any LTS upload needs a DLA after the package arrives in the archive.The security tracker contains a script (bin/gen-DLA) that creates atemplate for such a DLA, you just have to fill in some description. If youdon't want to do this, don't hesitate to inform the LTS team and somebodyelse will do the bookkeeping.

While you are at it, there are also CVE-2014-9640 and CVE-2014-9639, whichcan be seen in[1].


   Thorsten


[1] https://security-tracker.debian.org/tracker/source-package/vorbis-tools

Reply to:

Follow-Ups:
- Re: Wheezy update of vorbis-tools for CVE-2015-6749
  - From: Petter Reinholdtsen <pere@hungry.com>

References:
- Wheezy update of vorbis-tools for CVE-2015-6749
  - From: Petter Reinholdtsen <pere@hungry.com>

Prev by Date: Wheezy update of libtorrent-rasterbar?
Next by Date: Re: Wheezy update of mosquitto?
Previous by thread: Wheezy update of vorbis-tools for CVE-2015-6749
Next by thread: Re: Wheezy update of vorbis-tools for CVE-2015-6749
Index(es):
- Date
- Thread