Wheezy update of vorbis-tools for CVE-2015-6749
Thorsten Alteholz
debian at alteholz.de
Sun Jul 2 18:02:46 UTC 2017
Hi Petter,
On Sun, 2 Jul 2017, Petter Reinholdtsen wrote:
> Should this update be announced on the announcement list? Does it need
> a DLA? The security team tagged it no-dsa. I can build, test and
> upload, but am unsure abount the announcing part.
yes, any LTS upload needs a DLA after the package arrives in the archive.
The security tracker contains a script (bin/gen-DLA) that creates a
template for such a DLA, you just have to fill in some description. If you
don't want to do this, don't hesitate to inform the LTS team and somebody
else will do the bookkeeping.
While you are at it, there are also CVE-2014-9640 and CVE-2014-9639, which
can be seen in[1].
Thorsten
[1] https://security-tracker.debian.org/tracker/source-package/vorbis-tools
More information about the pkg-xiph-maint
mailing list