Re: Wheezy update of libmad?
On 11/05/18 12:41, Emilio Pozuelo Monfort wrote: > On 11/05/18 11:49, Kurt Roeckx wrote: >> On Fri, May 11, 2018 at 09:25:17AM +0200, Emilio Pozuelo Monfort wrote: >>> Hi Kurt, >>> >>> On 30/01/18 21:59, Kurt Roeckx wrote: On Tue, Jan 30, 2018 at 08:33:53PM +0100, Ola Lundqvist wrote: > Dear maintainers, > > The Debian LTS team would like to fix the security issues which are > currently open in the Wheezy version of libmad: > https://security-tracker.debian.org/tracker/CVE-2017-8372 > https://security-tracker.debian.org/tracker/CVE-2017-8373 > https://security-tracker.debian.org/tracker/CVE-2017-8374 > > Would you like to take care of this yourself? I will take care of them myself. >>> >>> I see that the update happened for jessie/stretch. wheezy has the same >>> upstream >>> version as jessie so the patches should apply cleanly there. I suppose you >>> are >>> doing the update but if you lack the time let me know and I can help. >> >> I'm still unable to do build packages for wheezy, so if you can >> help with it that would be great. It's really the same patches that >> were applied to all other versions. > > Ok, no worries. I'll take a look at it and apply those patches to wheezy. Sorry for the delay. I have just released this after testing it against gstreamer's mad element. Cheers, Emilio
Re: Wheezy update of libmad?
On 11/05/18 11:49, Kurt Roeckx wrote: > On Fri, May 11, 2018 at 09:25:17AM +0200, Emilio Pozuelo Monfort wrote: >> Hi Kurt, >> >> On 30/01/18 21:59, Kurt Roeckx wrote: >>> On Tue, Jan 30, 2018 at 08:33:53PM +0100, Ola Lundqvist wrote: Dear maintainers, The Debian LTS team would like to fix the security issues which are currently open in the Wheezy version of libmad: https://security-tracker.debian.org/tracker/CVE-2017-8372 https://security-tracker.debian.org/tracker/CVE-2017-8373 https://security-tracker.debian.org/tracker/CVE-2017-8374 Would you like to take care of this yourself? >>> >>> I will take care of them myself. >> >> I see that the update happened for jessie/stretch. wheezy has the same >> upstream >> version as jessie so the patches should apply cleanly there. I suppose you >> are >> doing the update but if you lack the time let me know and I can help. > > I'm still unable to do build packages for wheezy, so if you can > help with it that would be great. It's really the same patches that > were applied to all other versions. Ok, no worries. I'll take a look at it and apply those patches to wheezy. Cheers, Emilio
Re: Wheezy update of libmad?
On Fri, May 11, 2018 at 09:25:17AM +0200, Emilio Pozuelo Monfort wrote: > Hi Kurt, > > On 30/01/18 21:59, Kurt Roeckx wrote: > > On Tue, Jan 30, 2018 at 08:33:53PM +0100, Ola Lundqvist wrote: > >> Dear maintainers, > >> > >> The Debian LTS team would like to fix the security issues which are > >> currently open in the Wheezy version of libmad: > >> https://security-tracker.debian.org/tracker/CVE-2017-8372 > >> https://security-tracker.debian.org/tracker/CVE-2017-8373 > >> https://security-tracker.debian.org/tracker/CVE-2017-8374 > >> > >> Would you like to take care of this yourself? > > > > I will take care of them myself. > > I see that the update happened for jessie/stretch. wheezy has the same > upstream > version as jessie so the patches should apply cleanly there. I suppose you are > doing the update but if you lack the time let me know and I can help. I'm still unable to do build packages for wheezy, so if you can help with it that would be great. It's really the same patches that were applied to all other versions. Kurt
Re: Wheezy update of libmad?
Hi Kurt, On 30/01/18 21:59, Kurt Roeckx wrote: > On Tue, Jan 30, 2018 at 08:33:53PM +0100, Ola Lundqvist wrote: >> Dear maintainers, >> >> The Debian LTS team would like to fix the security issues which are >> currently open in the Wheezy version of libmad: >> https://security-tracker.debian.org/tracker/CVE-2017-8372 >> https://security-tracker.debian.org/tracker/CVE-2017-8373 >> https://security-tracker.debian.org/tracker/CVE-2017-8374 >> >> Would you like to take care of this yourself? > > I will take care of them myself. I see that the update happened for jessie/stretch. wheezy has the same upstream version as jessie so the patches should apply cleanly there. I suppose you are doing the update but if you lack the time let me know and I can help. Cheers, Emilio
Re: Wheezy update of libmad?
On Tue, Jan 30, 2018 at 08:33:53PM +0100, Ola Lundqvist wrote: > Dear maintainers, > > The Debian LTS team would like to fix the security issues which are > currently open in the Wheezy version of libmad: > https://security-tracker.debian.org/tracker/CVE-2017-8372 > https://security-tracker.debian.org/tracker/CVE-2017-8373 > https://security-tracker.debian.org/tracker/CVE-2017-8374 > > Would you like to take care of this yourself? I will take care of them myself. Kurt
Wheezy update of libmad?
Dear maintainers, The Debian LTS team would like to fix the security issues which are currently open in the Wheezy version of libmad: https://security-tracker.debian.org/tracker/CVE-2017-8372 https://security-tracker.debian.org/tracker/CVE-2017-8373 https://security-tracker.debian.org/tracker/CVE-2017-8374 Would you like to take care of this yourself? If yes, please follow the workflow we have defined here: https://wiki.debian.org/LTS/Development If that workflow is a burden to you, feel free to just prepare an updated source package and send it to debian-lts@lists.debian.org (via a debdiff, or with an URL pointing to the source package, or even with a pointer to your packaging repository), and the members of the LTS team will take care of the rest. Indicate clearly whether you have tested the updated package or not. If you don't want to take care of this update, it's not a problem, we will do our best with your package. Just let us know whether you would like to review and/or test the updated package before it gets released. You can also opt-out from receiving future similar emails in your answer and then the LTS Team will take care of libmad updates for the LTS releases. Thank you very much. Debian, on behalf of the Debian LTS team. PS: A member of the LTS team might start working on this update at any point in time. You can verify whether someone is registered on this update in this file: https://anonscm.debian.org/viewvc/secure-testing/data/dla-needed.txt?view=markup
Wheezy update of libmad?
Dear maintainers, The Debian LTS team would like to fix the security issues which are currently open in the Wheezy version of libmad: https://security-tracker.debian.org/tracker/CVE-2017-8372 https://security-tracker.debian.org/tracker/CVE-2017-8373 https://security-tracker.debian.org/tracker/CVE-2017-8374 Would you like to take care of this yourself? If yes, please follow the workflow we have defined here: https://wiki.debian.org/LTS/Development If that workflow is a burden to you, feel free to just prepare an updated source package and send it to debian-lts@lists.debian.org (via a debdiff, or with an URL pointing to the source package, or even with a pointer to your packaging repository), and the members of the LTS team will take care of the rest. Indicate clearly whether you have tested the updated package or not. If you don't want to take care of this update, it's not a problem, we will do our best with your package. Just let us know whether you would like to review and/or test the updated package before it gets released. You can also opt-out from receiving future similar emails in your answer and then the LTS Team will take care of libmad updates for the LTS releases. Thank you very much. Ola Lundqvist, on behalf of the Debian LTS team. PS: A member of the LTS team might start working on this update at any point in time. You can verify whether someone is registered on this update in this file: https://anonscm.debian.org/viewvc/secure-testing/data/dla-needed.txt?view=markup
Re: [pkg-mad-maintainers] Wheezy update of libmad?
On Mon, Aug 07, 2017 at 07:39:34AM -0400, Chris Lamb wrote: > Dear maintainer(s), > > The Debian LTS team would like to fix the security issues which are > currently open in the Wheezy version of libmad: > https://security-tracker.debian.org/tracker/source-package/libmad > > Would you like to take care of this yourself? This is not fixed in any of the suites, there is no patch available yet. If I have a patch I will upload it to all suites. Kurt