Bug#889915: libfaad2 in Wheezy contains patches for some security bugs. They were not backported to Jessie.

Sébastien Delafond seb at debian.org
Sat Feb 10 08:38:11 UTC 2018


On Feb/09, Fabian Greffrath wrote:
> Salvatore Bonaccorso wrote:
> > The current issues which were fixed in DLA-1077-1 are all no-dsa, so
> > thei did not warrant a DSA via security.d.o. Can you fix those issues
> > via upcoming point releases?
> 
> yes, probably. But I guess that's not Mikulas' point:
> 
> Both wheezy and jessie had package version 2.7-8. While wheezy got a
> fixed package with 2.7-8+deb7u1, jessie didn't. The fix should be as
> straight as uploading the same (source) package to jessie that got
> uploaded to wheezy.

We got the point made by the original reporter. However, as Salvatore
mentioned : regardless of the nature of the fix, all those issues were
tagged no-DSA, meaning the Security Team does not consider them serious
enough to fixed through a DSA. That's why the corresponding fixes will
have to go through a point release instead.

Cheers,

--Seb



More information about the pkg-multimedia-maintainers mailing list