Your message dated Sun, 22 Feb 2026 00:05:09 +0100
with message-id <[email protected]>
and subject line Re: Bug#1128625: [mediastreamer2] vulnerable to CVE-2026-2447
has caused the Debian Bug report #1128625,
regarding [mediastreamer2] vulnerable to CVE-2026-2447
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1128625: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1128625
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: mediastreamer2
Version: 1:5.3.105+dfsg-5
Severity: grave
Dear maintainer, you may be aware of the recent high-profile security
vulnerability patched in libvpx (CVE-2026-2447).
Please be aware that while libvpx12 in the Sid archive is patched for
this, libvpx11 is not, and libmediastreamer2-14 depends upon libvpx11
not libvpx12.
This leaves users of linphone potentially vulnerable.
I've filed a bug against libvpx11 itself (#1128623). Hopefully its
maintainer will backport patches. Otherwise please can you look at
patching mediastreamer2 to use libvpx12.
--- End Message ---
--- Begin Message ---
Hi
On 2026-02-21 22:53:27 +0000, Lyndon Brown wrote:
> Source: mediastreamer2
> Version: 1:5.3.105+dfsg-5
> Severity: grave
>
> Dear maintainer, you may be aware of the recent high-profile security
> vulnerability patched in libvpx (CVE-2026-2447).
>
> Please be aware that while libvpx12 in the Sid archive is patched for
> this, libvpx11 is not, and libmediastreamer2-14 depends upon libvpx11
> not libvpx12.
There is no need to file bugs against all reverse dependencies of
libvpx11. They would depend on libvpx12 if they could be built. In case
of mediastreamer2, this is #1115035.
Closing
Cheers
--
Sebastian Ramacher
--- End Message ---
