Hi, On Fri, Jun 27, 2014 at 07:30:11PM +0200, Andreas Cadhalpun wrote: > I'd like to inform you that ffmpeg 0.5.10-1 in squeeze is vulnerable > to CVE-2014-4610 [1]. > The fix [2] should be easily backportable.
Thanks for taking the time to send this info through. This bug has been marked as "wontfix" for squeeze; the rationale provided was "end-of-life; Backports to 0.5.x not useful, too many checks missing". I'm not an expert in all things ffmpeg, and I wasn't the one who added that note; I've Cc'd the person who added that notation to provide further rationale if you need it. -- Matt Palmer, Debian Developer mpal...@debian.org -- To UNSUBSCRIBE, email to debian-lts-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20140701000135.gu15...@hezmatt.org
