Hi Hugo, 2016-09-12 0:18 GMT+02:00 Hugo Lefeuvre <h...@debian.org>: > Hi, > > I'd like to prepare an LTS upload for libav[0]. The upstream patch for > CVE-2016-7393 is very simple and could be grouped with patches from older > analogous CVEs like CVE-2015-8662 in a broad LTS upload. > > Does anybody think it's a bad idea ? These CVEs are minor security > issues, so we could also mark them as no-dsa.
Libav is special because we agreed to work with Diego Biurrun and Markus is his LTS connection: https://lists.debian.org/debian-lts/2016/08/msg00160.html I would wait for Markus' answer before preparing the update. Cheers, Balint
