Bug#796255: vlc: CVE-2015-5949
Sebastian Ramacher
sramacher at debian.org
Fri Aug 21 07:00:42 UTC 2015
On 2015-08-20 21:51:31, Salvatore Bonaccorso wrote:
> Source: vlc
> Version: 2.2.0~rc2-2
> Severity: grave
> Tags: security upstream patch fixed-upstream
> Justification: user security hole
> Control: fixed -1 2.2.0~rc2-2+deb8u1
Is this the way the Security Team works nowadays? No coordination with the
maintainers at all. We could have at least coordinated the fix for sid.
We were also trying to push 2.2.1 to jessie with other fixes for not CVE-worthy
crashes. Admittely, the pu request hasn't gotten a reply from the Release Team
in ages, but still …
Thanks for not coordinating with us.
--
Sebastian Ramacher
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-multimedia-maintainers/attachments/20150821/0f20f47b/attachment.sig>
More information about the pkg-multimedia-maintainers
mailing list