Yves-Alexis Perez
2011-Nov-01 19:06 UTC
[Secure-testing-team] CVE-2011-{3362, 3504, 3973, 3974} for {old, }stable
Hey, those CVEs are marked as removed (ffmpeg, squeeze) and end-of-life (ffmpeg, lenny). I understand that for Lenny we don''t support ffmpeg that long, but I''m not sure about the Squeeze status. And on the tracker website (though I''m not sure how much we can trust it right now) this appear as fixed for Lenny (and vulnerable for Wheezy). If it''s end-of-life, I''m not sure it should appear as fixed. Is there someone working on the update for Squeeze? It seems that there''s no RT ticket so I''ll start by this, I guess. Regards, -- Yves-Alexis -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 836 bytes Desc: This is a digitally signed message part URL: <http://lists.alioth.debian.org/pipermail/secure-testing-team/attachments/20111101/503d4f26/attachment.pgp>
Yves-Alexis Perez
2011-Nov-02 09:23 UTC
[Secure-testing-team] CVE-2011-{3362, 3504, 3973, 3974} for {old, }stable
On mar., 2011-11-01 at 20:06 +0100, Yves-Alexis Perez wrote:> Hey, > > those CVEs are marked as removed (ffmpeg, squeeze) and end-of-life > (ffmpeg, lenny). I understand that for Lenny we don''t support ffmpeg > that long, but I''m not sure about the Squeeze status. > > And on the tracker website (though I''m not sure how much we can trust it > right now) this appear as fixed for Lenny (and vulnerable for Wheezy). > If it''s end-of-life, I''m not sure it should appear as fixed. > > Is there someone working on the update for Squeeze? It seems that > there''s no RT ticket so I''ll start by this, I guess. >Ping? -- Yves-Alexis -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 836 bytes Desc: This is a digitally signed message part URL: <http://lists.alioth.debian.org/pipermail/secure-testing-team/attachments/20111102/5f67a475/attachment.pgp>