Package: libvpx11 Version: 1.15.2-2 Severity: grave Dear maintainer, thank you for promptly updating libvpx12 to address the recent high-profile security vulnerability (CVE-2026-2447).
However, I'm concerned about libvpx11. This exists alongside libvpx12 in the Sid archive and does not appear to have had any vulnerability fixes backported to it yet. It is currently depended upon by: - libavcodec61 - libavcodec-extra61 - libmediastreamer2-14 - utox And thus transitively by the likes of blender, handbrake, kodi, and linphone. It is unfortunate that the security tracker gives a false suggestion that Sid is fully patched, when in fact only libvpx12 and presumably the source package are patched, but not libvpx11.
