Re: Wheezy update of vorbis-tools for CVE-2015-6749
On Sun, 2 Jul 2017, Petter Reinholdtsen wrote:
Should this update be announced on the announcement list? Does it need
a DLA? The security team tagged it no-dsa. I can build, test and
upload, but am unsure abount the announcing part.
yes, any LTS upload needs a DLA after the package arrives in the archive.
The security tracker contains a script (bin/gen-DLA) that creates a
template for such a DLA, you just have to fill in some description. If you
don't want to do this, don't hesitate to inform the LTS team and somebody
else will do the bookkeeping.
While you are at it, there are also CVE-2014-9640 and CVE-2014-9639, which
can be seen in.