[Secure-testing-team] lenny packages for libtheora issues
Michael Gilbert
michael.s.gilbert at gmail.com
Fri Jan 22 01:07:11 UTC 2010
On Sat, 16 Jan 2010 17:06:58 -0500 Michael Gilbert wrote:
> Hi all,
>
> I have prepared a lenny package for the theora issues that are
> addressed in xulrunner. Note that two of them never got a CVE
> (one should probably be requested), but have been fixed ever since
> the first release of firefox 3.5. I think this should be a DSA. The
> package is at http://alioth.debian.org/~gilbert-guest/libtheora.
> Attached is the debdiff. Etch doesn't have the vulnerable code.
Is anyone willing to sponsor a DSA for this? I could push it as a
proposed-update since that is happening very soon, but I'm pretty sure
that it deserves a proper DSA.
Just let me know what I should do.
Mike
More information about the Secure-testing-team
mailing list