On Sat, 2015-02-07 at 13:01 +0100, Luciano Bello wrote: > I just dak-installed liblivemedia_2012.05.17-1+wheezy1 to release a DSA > announcing fix for was recently updated in wheezy-security and wheezy-p-u to > fix CVE-2013-6933. This requires vlc and mplayer to be built against this > new > version. The plan is to include all these fixes in the same DSA.
So the binNMUs need to happen in wheezy-security, not p-u. I've just scheduled those. I assume they'll pick up the liblivemedia from security, but I can't check the logs. > vlc is in the security-archive mplayer is not. If I understand correctly, in > the mplayer case, I just need to recompile mplayer using the now-installed > liblivemedia and upload to security master as a normal security fix. Am I > right? You'd need the mplayer source in the security archive in order to be able to binNMU it, so if it's not there already then yes it'll need to be uploaded anyway at which point there'd be no need for binNMUs. Regards, Adam -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org