Re: CVE-2016-2839 / Firefox-ESR

2016-08-19 Thread Luciano Bello
On Friday 19 August 2016 17.39.02 Brian May wrote:
> > All 45.3.0esr-1* versions are fixed, but this only actually affects when
> > playing videos with ffmpeg 0.10 installed. *not* ffmpeg 1.0, *not*
> > libav. So for most practical purposes, wheezy and jessie are not
> > /really/ affected as long a

Re: CVE-2016-2839 / Firefox-ESR

2016-08-19 Thread Brian May
Mike Hommey writes:
> All 45.3.0esr-1* versions are fixed, but this only actually affects when
> playing videos with ffmpeg 0.10 installed. *not* ffmpeg 1.0, *not*
> libav. So for most practical purposes, wheezy and jessie are not
> /really/ affected as long as only packages from wheezy and jessi

Re: CVE-2016-2839 / Firefox-ESR

2016-08-17 Thread Mike Hommey
On Wed, Aug 17, 2016 at 09:00:30AM +0100, Chris Lamb wrote:
> Hi Brian,
>
> > 45.3.0esr-1~deb7u1 in wheezy is vulnerable.
> > 45.3.0esr-1~deb8u1 in jessie is vulnerable.
> > 45.3.0esr-1 in sid and stretch is not vulnerable.
> >
> > Which makes me wonder if Wheezy and Jessie versions have been fix

Re: CVE-2016-2839 / Firefox-ESR

2016-08-17 Thread Chris Lamb
Hi Brian,

> 45.3.0esr-1~deb7u1 in wheezy is vulnerable.
> 45.3.0esr-1~deb8u1 in jessie is vulnerable.
> 45.3.0esr-1 in sid and stretch is not vulnerable.
>
> Which makes me wonder if Wheezy and Jessie versions have been fixed, but
> not marked as such

Good spot. CVE-2016-2839 is marked as fixed