Bug#827397: RFS: vlc/2.0.3-5+deb7u3
On Wed, Jun 15, 2016 at 08:03:28PM +0200, Mateusz Łukasik wrote:
> I am looking for a sponsor for my package "vlc"
>
> * Package name : vlc
> Version : 2.0.3-5+deb7u3
> https://mentors.debian.net/debian/pool/main/v/vlc/vlc_2.0.3-5+deb7u3.dsc
>
> Changes since the last upload:
>
> Fix CVE-2016-5108. (Closes: #825728)
Hi!
I've reviewed the upload, but I'm not sure if you coordinated it
with the LTS team. I find a contradition:
https://lists.debian.org/debian-lts/2016/06/msg00031.html
says vlc is no longer supported in wheezy, yet in
https://lists.debian.org/debian-lts/2016/06/msg00035.html
the quoted mail sounds as if the upload is expected.
Should I proceed?
As I haven't ever made a security upload before, mine nor sponsored, let me
recap: I make a source-only upload targetted at wheezy-security to
security-master, right?
Tested on amd64, the patch indeed fixes the exploit posted in the CVE.
--
An imaginary friend squared is a real enemy.
Reply to: