Bug#801102: Fix for security issue in audiofile (CVE-2015-7747)?
Salvatore Bonaccorso
carnil at debian.org
Tue Jun 14 15:33:49 UTC 2016
Hi,
On Tue, Jun 14, 2016 at 03:00:08PM +0100, James Cowgill wrote:
> On Tue, 2016-06-14 at 15:43 +0200, Petter Reinholdtsen wrote:
> > [James Cowgill]
> > > I can fix it right now in Debian (along with a few other things). Hold
> > > on a moment...
> >
> > Very good. Via the upstream github pull request I discovered that
> > Ubuntu already uploaded a fix, available as a rather messy patch from
> > .
> >
> > I look forward to seeing the fix in Debian unstable. Do you plan to fix
> > it in stable too?
>
> After I've fixed it in unstable, I'll ping the security team and see
> what they have to say about stable updates. Jessie has 0.3.6 as well so
> the patch should be identical.
We marked the issue as no-dsa a while back. Could you (once the fix
landed in unstable) address this via a stable update via jessie-pu,
see
https://www.debian.org/doc/manuals/developers-reference/ch05.en.html#upload-stable
for documentation.
Thanks a lot for your work,
Regards,
Salvatore
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-multimedia-maintainers/attachments/20160614/b7544c36/attachment.sig>
More information about the pkg-multimedia-maintainers
mailing list