Michael Gilbert
2010-Jan-16 22:06 UTC
[Secure-testing-team] lenny packages for libtheora issues
Hi all, I have prepared a lenny package for the theora issues that are addressed in xulrunner. Note that two of them never got a CVE (one should probably be requested), but have been fixed ever since the first release of firefox 3.5. I think this should be a DSA. The package is at http://alioth.debian.org/~gilbert-guest/libtheora. Attached is the debdiff. Etch doesn''t have the vulnerable code. Mike -------------- next part -------------- A non-text attachment was scrubbed... Name: libtheora-lenny.debdiff Type: application/octet-stream Size: 9451 bytes Desc: not available URL: <http://lists.alioth.debian.org/pipermail/secure-testing-team/attachments/20100116/660cf462/attachment.obj>
Michael Gilbert
2010-Jan-22 01:07 UTC
[Secure-testing-team] lenny packages for libtheora issues
On Sat, 16 Jan 2010 17:06:58 -0500 Michael Gilbert wrote:> Hi all, > > I have prepared a lenny package for the theora issues that are > addressed in xulrunner. Note that two of them never got a CVE > (one should probably be requested), but have been fixed ever since > the first release of firefox 3.5. I think this should be a DSA. The > package is at http://alioth.debian.org/~gilbert-guest/libtheora. > Attached is the debdiff. Etch doesn''t have the vulnerable code.Is anyone willing to sponsor a DSA for this? I could push it as a proposed-update since that is happening very soon, but I''m pretty sure that it deserves a proper DSA. Just let me know what I should do. Mike