Source: mediastreamer2 Version: 1:5.3.105+dfsg-5 Severity: grave Dear maintainer, you may be aware of the recent high-profile security vulnerability patched in libvpx (CVE-2026-2447).
Please be aware that while libvpx12 in the Sid archive is patched for this, libvpx11 is not, and libmediastreamer2-14 depends upon libvpx11 not libvpx12. This leaves users of linphone potentially vulnerable. I've filed a bug against libvpx11 itself (#1128623). Hopefully its maintainer will backport patches. Otherwise please can you look at patching mediastreamer2 to use libvpx12.
