On Friday 19 August 2016 17.39.02 Brian May wrote:
> > All 45.3.0esr-1* versions are fixed, but this only actually affects when
> > playing videos with ffmpeg 0.10 installed. *not* ffmpeg 1.0, *not*
> > libav. So for most practical purposes, wheezy and jessie are not
> > /really/ affected as long a
Hi Brian,
On Thu, Aug 18, 2016 at 07:24:55AM +0200, Guido Günther wrote:
> Hi Brian,
> On Wed, Aug 17, 2016 at 05:49:46PM +1000, Brian May wrote:
> > Guido Günther writes:
> >
> > > As I wrote in dla-needed.txt the bignum handling is in
> > > crypto/peersec/mpi.c and it seems to use the same algo
Brian May wrote:
> It looks like this patch involves refactoring of the code. Which is
> going to make it more complicated applying it to the wheezy version.
Indeed. In fact, when I was working back from this patch it was not
immediately obvious that wheezy was vulnerable due to the changes...
Brian May writes:
> I just had a look at CVE-2016-6830.
I was going to look at CVE-2016-6831 separately, however it looks like
this was fixed at the same time as CVE-2016-6830
http://seclists.org/oss-sec/2016/q3/308
--
Brian May
I just had a look at CVE-2016-6830.
https://security-tracker.debian.org/tracker/CVE-2016-6830
refers to:
http://lists.nongnu.org/archive/html/chicken-announce/2016-08/msg1.html
Which has the following text:
"A fix has been implemented in master d866ac1 and chicken-5 c598381.
The patch for
Mike Hommey writes:
> All 45.3.0esr-1* versions are fixed, but this only actually affects when
> playing videos with ffmpeg 0.10 installed. *not* ffmpeg 1.0, *not*
> libav. So for most practical purposes, wheezy and jessie are not
> /really/ affected as long as only packages from wheezy and jessi