Hi, On Fri, Jun 27, 2014 at 07:30:11PM +0200, Andreas Cadhalpun wrote: > I'd like to inform you that ffmpeg 0.5.10-1 in squeeze is vulnerable > to CVE-2014-4610 [1]. > The fix [2] should be easily backportable.
Thanks for taking the time to send this info through. This bug has been marked as "wontfix" for squeeze; the rationale provided was "end-of-life; Backports to 0.5.x not useful, too many checks missing". I'm not an expert in all things ffmpeg, and I wasn't the one who added that note; I've Cc'd the person who added that notation to provide further rationale if you need it. -- Matt Palmer, Debian Developer [email protected] -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: https://lists.debian.org/[email protected]
