Hi. I got tired of CVE-2015-6749 showing up on <URL: https://udd.debian.org/dmd.cgi?email1=pere%40debian.org > and would like to provide an update for oldoldstable/Wheezy to fix the old security issue. Alexander Wirt suggested I follow the procedure on <URL: https://wiki.debian.org/LTS/Development >, but I must admit I am not up to date on the latest procedure and wonder if someone might help me.
The fixed package is available in git as <URL: https://anonscm.debian.org/cgit/pkg-xiph/vorbis-tools.git/log/?h=debian/wheezy >. It uses the same patch as was used to fix the issue in jessie, stretch and beyon. Should this update be announced on the announcement list? Does it need a DLA? The security team tagged it no-dsa. I can build, test and upload, but am unsure abount the announcing part. -- Happy hacking Petter Reinholdtsen
