Hi again, On 25/06/17 23:11, James Cowgill wrote: > On 25/06/17 22:46, Cyril Brulebois wrote: >> James Cowgill <jcowgill@debian.org> (2017-06-20): >>> This update contains a number of security fixes to libopenmpt which >>> upstream has specifically asked me to get into stretch. Upstream asked >>> me to fix these earlier this month and since none of them looked >>> "critical" I decided to wait and file a stretch-pu bug (although maybe >>> I was a little lazy...) The worst bugs fixed here are NULL pointer >>> dereferences - I don't think there is any remote code execution here. >> >> I suspect it would be best to check with the security team anyway? > > OK I've asked them in the original bug report. Salvatore Bonaccorso replied and said this was OK to do in a point release. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864195#72 Thanks, James
Attachment:
signature.asc
Description: OpenPGP digital signature