On Thu, Aug 20, 2015 at 10:04:56AM +0200, Ben Hutchings wrote: > On Thu, 2015-08-20 at 10:09 +0300, Sebastian Dröge wrote: > > Hi, > > > > On Mi, 2015-08-19 at 23:29 +0200, b...@decadent.org.uk wrote: > > > Hello dear maintainer(s), > > > > > > the Debian LTS team would like to fix the security issues which are > > > currently open in the Squeeze version of libvpx: > > > https://security-tracker.debian.org/tracker/CVE-2015-4485 > > > https://security-tracker.debian.org/tracker/CVE-2015-4486 > > > > > > Would you like to take care of this yourself? We are still > > > understaffed so any help is always highly appreciated. > > > > I would update the package, but unfortunately I don't know what changes > > are fixing these CVEs and there's not much information publically > > available. > > Yes, I realised that when trying to work out whether squeeze is > affected.
I've pinged mozilla again to make the content of the bugs public. Cheer, -- Guido