Bug#827397: RFS: vlc/2.0.3-5+deb7u3

To: Mateusz Łukasik <mati75@linuxmint.pl>, 827397@bugs.debian.org, debian-lts@lists.debian.org
Subject: Bug#827397: RFS: vlc/2.0.3-5+deb7u3
From: Adam Borowski <kilobyte@angband.pl>
Date: Thu, 16 Jun 2016 08:39:00 +0200
Message-id: <[🔎] 20160616063900.GB6580@angband.pl>
Reply-to: Adam Borowski <kilobyte@angband.pl>, 827397@bugs.debian.org
In-reply-to: <[🔎] 182c7489-c5cc-aba6-312d-0dc275ec09a0@linuxmint.pl>
References: <[🔎] 182c7489-c5cc-aba6-312d-0dc275ec09a0@linuxmint.pl>

On Wed, Jun 15, 2016 at 08:03:28PM +0200, Mateusz Łukasik wrote:
> I am looking for a sponsor for my package "vlc"
> 
>  * Package name    : vlc
>    Version         : 2.0.3-5+deb7u3
> https://mentors.debian.net/debian/pool/main/v/vlc/vlc_2.0.3-5+deb7u3.dsc
> 
>   Changes since the last upload:
> 
>   Fix CVE-2016-5108. (Closes: #825728)

Hi!
I've reviewed the upload, but I'm not sure if you coordinated it
with the LTS team.  I find a contradition:
  https://lists.debian.org/debian-lts/2016/06/msg00031.html
says vlc is no longer supported in wheezy, yet in
  https://lists.debian.org/debian-lts/2016/06/msg00035.html
the quoted mail sounds as if the upload is expected.

Should I proceed?

As I haven't ever made a security upload before, mine nor sponsored, let me
recap: I make a source-only upload targetted at wheezy-security to
security-master, right?

Tested on amd64, the patch indeed fixes the exploit posted in the CVE.

-- 
An imaginary friend squared is a real enemy.

Reply to:

Follow-Ups:
- Bug#827397: RFS: vlc/2.0.3-5+deb7u3
  - From: Gianfranco Costamagna <locutusofborg@debian.org>

References:
- Bug#827397: RFS: vlc/2.0.3-5+deb7u3
  - From: Mateusz Łukasik <mati75@linuxmint.pl>

Prev by Date: Processed: lacme: block ITP 827357 by RFS 827425
Next by Date: Bug#827397: RFS: vlc/2.0.3-5+deb7u3
Previous by thread: Bug#827397: RFS: vlc/2.0.3-5+deb7u3
Next by thread: Bug#827397: RFS: vlc/2.0.3-5+deb7u3
Index(es):
- Date
- Thread