Re: Declaring mp3gain as unsupported
> I reviewed the case of mp3gain. Upstream development is dead (last release
> in 2009). The package is only in wheezy, it's gone from jessie and newer
> releases. The package is not used by any LTS sponsor.
> Thus I believe that the best course of action is to not spend any time on
> it and to mark the package as unsupported in debian-security-support. If
> anyone disagrees, please let me know.
Agree. I have spent some hours some months ago trying to investigate
these vulnerabilities, but I had difficulties to reproduce some of them and
concluded that it wasn't worth spending a lot of time investigating and patching
Hugo Lefeuvre (hle) | www.owl.eu.com
4096/ 9C4F C8BF A4B0 8FC5 48EB 56B8 1962 765B B9A8 BACA