[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Wheezy update of vorbis-tools for CVE-2015-6749

Hi Petter,

On Sun, 2 Jul 2017, Petter Reinholdtsen wrote:
Should this update be announced on the announcement list?  Does it need
a DLA?  The security team tagged it no-dsa.  I can build, test and
upload, but am unsure abount the announcing part.

yes, any LTS upload needs a DLA after the package arrives in the archive. The security tracker contains a script (bin/gen-DLA) that creates a template for such a DLA, you just have to fill in some description. If you don't want to do this, don't hesitate to inform the LTS team and somebody else will do the bookkeeping.

While you are at it, there are also CVE-2014-9640 and CVE-2014-9639, which can be seen in[1].


[1] https://security-tracker.debian.org/tracker/source-package/vorbis-tools

Reply to: