Bug#889915: libfaad2 in Wheezy contains patches for some security bugs. They were not backported to Jessie.
James Cowgill
jcowgill at debian.org
Fri Feb 9 09:36:17 UTC 2018
On 09/02/18 09:31, Fabian Greffrath wrote:
> Hi Salvatore,
>
> Salvatore Bonaccorso wrote:
>> The current issues which were fixed in DLA-1077-1 are all no-dsa, so
>> thei did not warrant a DSA via security.d.o. Can you fix those issues
>> via upcoming point releases?
>
> yes, probably. But I guess that's not Mikulas' point:
>
> Both wheezy and jessie had package version 2.7-8. While wheezy got a fixed
> package with 2.7-8+deb7u1, jessie didn't. The fix should be as straight as
> uploading the same (source) package to jessie that got uploaded to wheezy.
... with changelog and version number adjustments (it can never be
exactly the same).
Also, the security tracker claims this affects stretch as well which
would need a separate update.
James
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-multimedia-maintainers/attachments/20180209/2affbb3c/attachment.sig>
More information about the pkg-multimedia-maintainers
mailing list