On Mi, Nov 02, 2011 at 15:33:20 (CET), Yves-Alexis Perez wrote:
> Hey,
>
> I'm considering the various open issues in ffmpeg in Squeeze
> (CVE-2011-{3362,3504,3973,3974}). They were fixed in sid (in libav) but
> not yet in Squeeze, so I intented to take a look at them and maybe do an
> upload to stable-security but Moritz told me that you maintained a
> stable branch so maybe you already have something ready.
>
> What do you think? Should I start preparing something or do you want to
> handle it?
Thank you for pointing out theses issues.
I'm maintaining a stable branch upstream here:
http://git.libav.org/?p=libav.git;a=shortlog;h=refs/heads/release/0.5
If you could point me out the corresponding commits that fix these CVEs
the master branch, I'm happy to backport them to that branch and roll a
0.5.5 release on short notice. Based on that release, we then update
our stable packaging branch here:
http://anonscm.debian.org/gitweb/?p=pkg-multimedia/libav.git;a=shortlog;h=refs/heads/squeeze
I'd propose to then build a package from that branch and upload it to
stable-security. Would that work for you?
Cheers,
Reinhard
--
Gruesse/greetings,
Reinhard Tartler, KeyID 945348A4
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
