Hi Raphael,
On 29.07.2014 09:47, Raphael Geissert wrote:
Andreas Cadhalpun wrote:
According to the changelog[1], there have been 8 security updates for
ffmpeg in squeeze.
There would have been more
You're right, my calculation is slightly flawed.
but the code has evolved too much for it to be
feasible to backport the patches.
That is likely true for some, but not for others.
The real reason that there have not been more security updates for
ffmpeg in squeeze is that since 0.5.6 this is actually Libav and Libav
upstream stopped providing backports to 0.5 after 0.5.10 in February
2013 [1]. FFmpeg upstream released 0.5.14 in July 2014 [2] with some
more fixes [3].
So had both been in squeeze, there would have been four more, i.e. 16
security updates.
Not to mention that some bugs that are being
fixed are, for example, for incomplete checks - checks that don't exist in the
0.5 branch.
What do you mean here? If the affected code is not there, then that's
nice, because a backport is not needed.
Best regards,
Andreas
1: https://www.libav.org/releases/
2: https://www.ffmpeg.org/releases/
3:
https://git.videolan.org/?p=ffmpeg.git;a=shortlog;h=refs/heads/release/0.5
--
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/53d7cf25.3040...@googlemail.com
