On 2010/04/22 16:57, Jon Tibble wrote: > On 22/04/2010 16:35, Stuart Henderson wrote: > >On 2010/04/22 17:16, David Coppa wrote: > >>Guys, > >> > >>1.0.6 is out... > > > >It will always be a moving target. If 1.0.5 is nearly in shape > >I think it's better to concentrate on that first. Considering how > >long build takes we don't really want another round... > > > >I did eventually get a qt4 built on arm so my vlc build will > >probably finish sometime late today or tomorrow. > > > > > Are the vulns fixed in 1.0.6 already addressed in the ports patches > for 1.0.5? > > http://www.videolan.org/security/sa1003.html >
No, but the in-tree version is already affected by these, so it makes sense to move ahead, it is closer to getting them fixed. There are undoubtedly plenty of other vulnerabilities that haven't been (found | publically announced) yet...
