On Wed, Jan 13, 2010 at 09:28:43AM +0100, Reinhard Tartler wrote:
found 550442 0.svn20080206-18
stop
On Sa, Dez 05, 2009 at 00:33:02 (CET), Reinhard Tartler wrote:
Moritz Muehlenhoff j...@inutil.org writes:
Sorry, this slipped through. An update for stable-security would be very
On Tue, Feb 09, 2010 at 09:53:46AM +0100, Reinhard Tartler wrote:
On Do, Jan 28, 2010 at 22:26:45 (CET), Moritz Muehlenhoff wrote:
On Fri, Jan 22, 2010 at 06:10:55PM +0100, Moritz Muehlenhoff wrote:
On Wed, Jan 13, 2010 at 09:28:43AM +0100, Reinhard Tartler wrote:
found 550442 0
Reinhard Tartler wrote:
I don't think its really worth tracking dos-only fixes. FFmpeg is very
performance tuned, and AFAIUI upstream does consider dos-only fixes only
on a best efford basis as long as it doesn't impair performance.
Ack. Crashers in media libs are not treated as security
On Sun, Jul 18, 2010 at 09:15:20PM +0200, Reinhard Tartler wrote:
I don't think it is a practical problem to point than more than one diff
in the announcement and/or changelog. Do you?
For the Debian Security Team is pointer to an upload commit is usually
sufficient. Adding one would be much
Hi,
On Fri, Aug 06, 2010 at 02:55:31PM -0400, Reinhard Tartler wrote:
In any case, Moritz has localized this issue:
j...@galadriel:~$ sudo chroot chroots/lenny/
r...@galadriel:/# apt-get install libavformat52 libavcodec51
Reading package lists... Done
Building dependency tree
Reading
On Wed, Feb 16, 2011 at 03:27:48PM +0100, Reinhard Tartler wrote:
On Wed, Feb 16, 2011 at 15:22:48 (CET), Fabian Greffrath wrote:
Am 16.02.2011 15:13, schrieb Debian FTP Masters:
/ffmpeg-debian_0.svn20080206-18+lenny3_amd64.changes is already present on
target host:
Package: libav
Severity: grave
Tags: security
The following was reported to Bugtraq:
http://seclists.org/bugtraq/2011/Apr/257 (No CVE yet)
The ffmpeg commit
http://git.videolan.org/?p=ffmpeg.git;a=commit;h=89f903b3d5ec38c9c5d90fba7e626fa0eda61a32
isn't yet in libav git. Reinhard, can you pull
Package: gmerlin-encoders-ffmpeg
Severity: important
Hi,
the transition from ffmpeg/0.6.2 to libav/0.7 is planned soonish.
(libav is a ffmpeg fork, to which Debian will switch, see
http://en.wikipedia.org/wiki/FFmpeg for more information)
Your package currently fails to build from source when
Package: gmerlin-avdecoder
Severity: important
Hi,
the transition from ffmpeg/0.6.2 to libav/0.7 is planned soonish.
(libav is a ffmpeg fork, to which Debian will switch, see
http://en.wikipedia.org/wiki/FFmpeg for more information)
Your package currently fails to build from source when built
Package: idjc
Severity: normal
Tags: patch
I'm filing this bug to keep track of the fact that the libav7
support patch needs to be activated in debian/patches/series
once libav 0.7 is uploaded to unstable.
(I'm user-tagging all bugs affecting this transition so that we
don't miss any.)
Cheers,
Package: mplayer2
Version: 2.0-134-g84d8671-4
Severity: normal
Please drop the build-dep on svgalib and pass --disable-svga to the configure
script. svgalib is dead upstream for a long time, supports only vintage graphic
cards, is limited to x86 and very problematic from a security PoV (since it
Package: libav
Severity: important
The following was reported by oCERT:
http://www.ocert.org/advisories/ocert-2011-002.html
A CVE ID is not yet available, I will be requesting one. This is unfixed
in libav from sid. The ffmpeg fix can be found here:
Package: libav
Severity: important
Tags: security
Please see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3504
Discovered by Microsoft :-)
ffmpeg fix:
http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=7e33a66c0e178c3576c1ba1648be4295809adca8
Cheers,
Moritz
Package: mplayer
Severity: grave
Tags: security
Please see:
http://www.openwall.com/lists/oss-security/2011/10/14/1
http://labs.mwrinfosecurity.com/files/Advisories/mwri_mplayer-sami-subtitles_2011-08-12.pdf
Fix:
http://mplayerhq.hu/pipermail/mplayer-cvslog/2011-May/042075.html
I didn't check
On Wed, Nov 02, 2011 at 09:57:21PM +0100, Reinhard Tartler wrote:
On Mi, Nov 02, 2011 at 15:33:20 (CET), Yves-Alexis Perez wrote:
I'm considering the various open issues in ffmpeg in Squeeze
(CVE-2011-{3362,3504,3973,3974}).
I'm currently investigating these issues. Let's first discuss
Package: icecast2
Severity: important
Tags: security
Hi,
a minor vulnerability has been discovered in Icecast. Please see
https://bugs.launchpad.net/ubuntu/+source/icecast2/+bug/894782 for
details.
This is CVE-2011-4612, please mention it in the changelog.
This doesn't warrant a DSA. You can
Package: vlc
Severity: important
Please enable hardened build flags through dpkg-buildflags.
Cheers,
Moritz
___
pkg-multimedia-maintainers mailing list
pkg-multimedia-maintainers@lists.alioth.debian.org
Package: mplayer2
Version: 2.0-426-gc32b3ed-2
Severity: important
Tags: patch
Please enable hardened build flags through dpkg-buildflags.
Patch attached. The more stringent format string checks
unveiled a missing format string in the streaming code,
please contact upstream on that one.
Cheers,
Package: mplayer
Version: 2:1.0~rc4.dfsg1+svn34540-1
Severity: important
Tags: patch
Please enable hardened build flags through dpkg-buildflags.
Patch attached. The more stringent format string checks
unveiled a missing format string in the streaming code
and the GUI, please contact upstream on
Source: libav
Severity: important
Tags: patch
Please enable hardened build flags through dpkg-buildflags.
Patch attached. The format string checks detect a missing
format string in libavcodec/srtdec.c, please contact upstream
for that.
Cheers,
Moritz
diff -aur
Package: idjc
Version: 0.8.7-1
Severity: serious
Your package fails to build from source:
make[3]: Entering directory `/home/jmm/idjc-0.8.7/python'
Making install in prelims
make[4]: Entering directory `/home/jmm/idjc-0.8.7/python/prelims'
make[5]: Entering directory
On Mon, Jan 30, 2012 at 11:10:27PM +0100, Moritz Muehlenhoff wrote:
Package: mplayer
Version: 2:1.0~rc4.dfsg1+svn34540-1
Severity: important
Tags: patch
Please enable hardened build flags through dpkg-buildflags.
Patch attached. The more stringent format string checks
unveiled a missing
Package: vlc
Severity: important
Hi,
libggi is scheduled for removal in Wheezy:
http://lists.debian.org/debian-release/2012/07/msg00134.html
You've already dropped the binary package in 2.0.0-1, so the only thing
left is to drop the build-dep on libggi2-dev.
Cheers,
Moritz
On Tue, Jun 26, 2012 at 06:36:56PM +0300, Rücker Thomas wrote:
Hi Jonas,
On 13/06/12 02:02, Jonas Smedegaard wrote:
Hi Thomas,
On 12-06-13 at 12:50am, Rücker Thomas wrote:
Hello, your friendly upstream here.
We just released Icecast 2.3.3 which addresses this issue.
Also for the record.
On Sun, Oct 14, 2012 at 05:00:54PM -0400, Reinhard Tartler wrote:
On Wed, Sep 26, 2012 at 4:22 AM, Yves-Alexis Perez cor...@debian.org wrote:
Source: libav
Severity: grave
Justification: user security hole
Hi,
it seems that a huge pile of CVE were allocated for ffmpeg/libav
short
Package: multimedia-video
Severity: normal
User: pkg-multimedia-maintainers@lists.alioth.debian.org
Usertags: ffmpeg-removal
multimedia-video recommends ffmpeg, which is no longer built from libav.
Please
recommend libav-tools instead.
Cheers,
Moritz
Package: idjc
Severity: normal
User: pkg-multimedia-maintainers@lists.alioth.debian.org
Usertags: ffmpeg-removal
Hi,
idjc Suggests: ffmpeg. This suggestion is spurious, while idjc uses some
libs from libav/ffmpeg, it doesn't use the ffmpeg binary, so please
remove the Suggests entirely.
Cheers,
Package: xwax
Severity: normal
Hi,
your package recommends ffmpeg. libav no longer builds the ffmpeg binary
package.
You can use avconv from libav-tools instead. The parameters used in import
are compatible.
Cheers,
Moritz
___
Package: rtmpdump
Severity: normal
rtmpdump Suggests: ffmpeg, mplayer
Both are not used in the package, so please remove them. (The ffmpeg
binary package has been dropped from libav and mplayer will likely
be removed in the future)
Cheers,
Moritz
Package: rtkit
Severity: grave
Tags: security
Justification: user security hole
Please see https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4326 for details
and a patch.
Cheers,
Moritz
___
pkg-multimedia-maintainers mailing list
Package: vlc
Severity: grave
Tags: security patch
Justification: user security hole
This was assigned CVE-2013-4388:
http://git.videolan.org/?p=vlc.git;a=commitdiff;h=9794ec1cd268c04c8bca13a5fae15df6594dff3e
Cheers,
Moritz
___
On Fri, Oct 18, 2013 at 01:51:41PM +, Thibaut Paumard wrote:
Package: libavformat-dev
Version: 6:9.10-1
Severity: serious
File: /usr/include/libavformat/avformat.h
Hi,
My package yorick-av fails to build on s390x:
https://buildd.debian.org/status/package.php?p=yorick-av
It used
Package: mplayer
Severity: serious
Should this package be removed? If so, please reassign to ftp.debian.org
- Last upload nearly two years ago
- FTBFS for a long time
- Incompatible with current libav
- Alternatives exist (mplayer2, mpv)
Cheers,
Moritz
Package: cantata
Severity: grave
Tags: security
Justification: user security hole
Hi,
the following was reported on oss-security:
https://code.google.com/p/cantata/issues/detail?id=356
Cheers,
Moritz
___
pkg-multimedia-maintainers mailing list
Hi,
On Sat, Sep 28, 2013 at 05:43:54PM +0200, Rémi Vanicat wrote:
David Suárez david.sephi...@gmail.com writes:
Source: cmus
Version: 2.5.0-3
Severity: serious
Tags: jessie sid
User: debian...@lists.debian.org
Usertags: qa-ftbfs-20130922 qa-ftbfs
Justification: FTBFS on amd64
Package: alsa-plugins
Severity: important
Hi,
your package fails to build from source against libav 10 (currently
packaged in experimental). This bug will become release-critical
at some point when the libav10 transition starts.
Migration documentation can be found at
Package: amide
Severity: important
Hi,
your package fails to build from source against libav 10 (currently
packaged in experimental). This bug will become release-critical
at some point when the libav10 transition starts.
Migration documentation can be found at
Source: audacious-plugins
Severity: important
Hi,
your package fails to build from source against libav 10 (currently
packaged in experimental). This bug will become release-critical
at some point when the libav10 transition starts.
Migration documentation can be found at
Source: bino
Severity: important
Hi,
your package fails to build from source against libav 10 (currently
packaged in experimental). This bug will become release-critical
at some point when the libav10 transition starts.
Migration documentation can be found at
https://wiki.libav.org/Migration/10
Package: dvbcut
Severity: important
Hi,
your package fails to build from source against libav 10 (currently
packaged in experimental). This bug will become release-critical
at some point when the libav10 transition starts.
Migration documentation can be found at
Source: ffdiaporama
Severity: important
Hi,
your package fails to build from source against libav 10 (currently
packaged in experimental). This bug will become release-critical
at some point when the libav10 transition starts.
Migration documentation can be found at
Package: ffmpeg2theora
Severity: important
Hi,
your package fails to build from source against libav 10 (currently
packaged in experimental). This bug will become release-critical
at some point when the libav10 transition starts.
Migration documentation can be found at
Source: blender
Severity: important
Hi,
your package fails to build from source against libav 10 (currently
packaged in experimental). This bug will become release-critical
at some point when the libav10 transition starts.
Migration documentation can be found at
Package: forked-daapd
Severity: important
Hi,
your package fails to build from source against libav 10 (currently
packaged in experimental). This bug will become release-critical
at some point when the libav10 transition starts.
Migration documentation can be found at
Source: freerdp
Severity: important
Hi,
your package fails to build from source against libav 10 (currently
packaged in experimental). This bug will become release-critical
at some point when the libav10 transition starts.
Migration documentation can be found at
Source: cmus
Severity: important
Hi,
your package fails to build from source against libav 10 (currently
packaged in experimental). This bug will become release-critical
at some point when the libav10 transition starts.
Migration documentation can be found at
https://wiki.libav.org/Migration/10
Source: gmerlin-avdecoder
Severity: important
Hi,
your package fails to build from source against libav 10 (currently
packaged in experimental). This bug will become release-critical
at some point when the libav10 transition starts.
Migration documentation can be found at
Source: gnash
Severity: important
Hi,
your package fails to build from source against libav 10 (currently
packaged in experimental). This bug will become release-critical
at some point when the libav10 transition starts.
Migration documentation can be found at
https://wiki.libav.org/Migration/10
Package: harvid
Severity: important
Hi,
your package fails to build from source against libav 10 (currently
packaged in experimental). This bug will become release-critical
at some point when the libav10 transition starts.
Migration documentation can be found at
Source: k3b
Severity: important
Hi,
your package fails to build from source against libav 10 (currently
packaged in experimental). This bug will become release-critical
at some point when the libav10 transition starts.
Migration documentation can be found at
https://wiki.libav.org/Migration/10
Source: linphone
Severity: important
Hi,
your package fails to build from source against libav 10 (currently
packaged in experimental). This bug will become release-critical
at some point when the libav10 transition starts.
Migration documentation can be found at
Package: vice
Severity: important
Hi,
your package fails to build from source against libav 10 (currently
packaged in experimental). This bug will become release-critical
at some point when the libav10 transition starts.
Migration documentation can be found at
https://wiki.libav.org/Migration/10
Package: lynkeos.app
Severity: important
Hi,
your package fails to build from source against libav 10 (currently
packaged in experimental). This bug will become release-critical
at some point when the libav10 transition starts.
Migration documentation can be found at
Package: idjc
Severity: important
Hi,
your package fails to build from source against libav 10 (currently
packaged in experimental). This bug will become release-critical
at some point when the libav10 transition starts.
Migration documentation can be found at
https://wiki.libav.org/Migration/10
Source: gpac
Severity: important
Hi,
your package fails to build from source against libav 10 (currently
packaged in experimental). This bug will become release-critical
at some point when the libav10 transition starts.
Migration documentation can be found at
https://wiki.libav.org/Migration/10
Source: gst-libav1.0
Severity: important
Hi,
your package fails to build from source against libav 10 (currently
packaged in experimental). This bug will become release-critical
at some point when the libav10 transition starts.
Migration documentation can be found at
Package: guvcview
Severity: important
Hi,
your package fails to build from source against libav 10 (currently
packaged in experimental). This bug will become release-critical
at some point when the libav10 transition starts.
Migration documentation can be found at
Source: libquicktime
Severity: important
Hi,
your package fails to build from source against libav 10 (currently
packaged in experimental). This bug will become release-critical
at some point when the libav10 transition starts.
Migration documentation can be found at
Package: silan
Severity: important
Hi,
your package fails to build from source against libav 10 (currently
packaged in experimental). This bug will become release-critical
at some point when the libav10 transition starts.
Migration documentation can be found at
Source: lives
Severity: important
Hi,
your package fails to build from source against libav 10 (currently
packaged in experimental). This bug will become release-critical
at some point when the libav10 transition starts.
Migration documentation can be found at
https://wiki.libav.org/Migration/10
Source: lightspark
Severity: important
Hi,
your package fails to build from source against libav 10 (currently
packaged in experimental). This bug will become release-critical
at some point when the libav10 transition starts.
Migration documentation can be found at
Source: libphash
Severity: important
Hi,
your package fails to build from source against libav 10 (currently
packaged in experimental). This bug will become release-critical
at some point when the libav10 transition starts.
Migration documentation can be found at
Package: mplayer2
Version: 2.0-701-gd4c5b7f-2
Severity: important
Hi,
your package fails to build from source against libav 10 (currently
packaged in experimental). This bug will become release-critical
at some point when the libav10 transition starts.
Migration documentation can be found at
Package: shotdetect
Severity: important
Hi,
your package fails to build from source against libav 10 (currently
packaged in experimental). This bug will become release-critical
at some point when the libav10 transition starts.
Migration documentation can be found at
Package: yorick-av
Severity: important
Hi,
your package fails to build from source against libav 10 (currently
packaged in experimental). This bug will become release-critical
at some point when the libav10 transition starts.
Migration documentation can be found at
Source: qmmp
Severity: important
Hi,
your package fails to build from source against libav 10 (currently
packaged in experimental). This bug will become release-critical
at some point when the libav10 transition starts.
Migration documentation can be found at
https://wiki.libav.org/Migration/10
Package: qutecom
Severity: important
Hi,
your package fails to build from source against libav 10 (currently
packaged in experimental). This bug will become release-critical
at some point when the libav10 transition starts.
Migration documentation can be found at
Source: transcode
Severity: important
Hi,
your package fails to build from source against libav 10 (currently
packaged in experimental). This bug will become release-critical
at some point when the libav10 transition starts.
Migration documentation can be found at
Package: xjadeo
Severity: important
Hi,
your package fails to build from source against libav 10 (currently
packaged in experimental). This bug will become release-critical
at some point when the libav10 transition starts.
Migration documentation can be found at
Source: jitsi
Severity: important
Hi,
your package fails to build from source against libav 10 (currently
packaged in experimental). This bug will become release-critical
at some point when the libav10 transition starts.
Migration documentation can be found at
https://wiki.libav.org/Migration/10
Source: opencv
Severity: important
Hi,
your package fails to build from source against libav 10 (currently
packaged in experimental). This bug will become release-critical
at some point when the libav10 transition starts.
Migration documentation can be found at
Source: strigi
Severity: important
Hi,
your package fails to build from source against libav 10 (currently
packaged in experimental). This bug will become release-critical
at some point when the libav10 transition starts.
Migration documentation can be found at
Source: opal
Severity: important
Hi,
your package fails to build from source against libav 10 (currently
packaged in experimental). This bug will become release-critical
at some point when the libav10 transition starts.
Migration documentation can be found at
https://wiki.libav.org/Migration/10
Package: xine-lib
Severity: important
Hi,
your package fails to build from source against libav 10 (currently
packaged in experimental). This bug will become release-critical
at some point when the libav10 transition starts.
Migration documentation can be found at
Source: wxsvg
Severity: important
Hi,
your package fails to build from source against libav 10 (currently
packaged in experimental). This bug will become release-critical
at some point when the libav10 transition starts.
Migration documentation can be found at
https://wiki.libav.org/Migration/10
Source: openscenegraph
Severity: important
Hi,
your package fails to build from source against libav 10 (currently
packaged in experimental). This bug will become release-critical
at some point when the libav10 transition starts.
Migration documentation can be found at
Source: xine-lib-1.2
Severity: important
Hi,
your package fails to build from source against libav 10 (currently
packaged in experimental). This bug will become release-critical
at some point when the libav10 transition starts.
Migration documentation can be found at
Source: vxl
Severity: important
Hi,
your package fails to build from source against libav 10 (currently
packaged in experimental). This bug will become release-critical
at some point when the libav10 transition starts.
Migration documentation can be found at
https://wiki.libav.org/Migration/10
Package: zoneminder
Severity: important
Hi,
your package fails to build from source against libav 10 (currently
packaged in experimental). This bug will become release-critical
at some point when the libav10 transition starts.
Migration documentation can be found at
Package: vtk
Severity: important
Hi,
your package fails to build from source against libav 10 (currently
packaged in experimental). This bug will become release-critical
at some point when the libav10 transition starts.
Migration documentation can be found at
https://wiki.libav.org/Migration/10
retitle 732159 RM: mplayer - RoM - unmaintained, RC-buggy, alternatives exist
reassign 732159 ftp.debian.org
thanks
On Sun, Feb 16, 2014 at 12:16:59PM -0500, Reinhard Tartler wrote:
Should this package be removed? If so, please reassign to ftp.debian.org
- Last upload nearly two years
On Fri, Apr 25, 2014 at 04:41:36PM +0200, Sebastian Ramacher wrote:
On 2014-04-25 16:40:28, Sebastian Ramacher wrote:
Hi Security Team,
On 2014-04-20 11:59:23, Salvatore Bonaccorso wrote:
Source: libmms
Version: 0.6-1
Severity: grave
Tags: security upstream fixed-upstream
Package: vlc
Severity: grave
Tags: security
Justification: user security hole
Please see http://openwall.com/lists/oss-security/2012/10/24/3
Cheers,
Moritz
___
pkg-multimedia-maintainers mailing list
On Mon, Nov 26, 2012 at 08:01:03PM +0100, Arne Wichmann wrote:
I just had a look at the above mentioned problems and I am a bit unsure
about their status. As far as I can see the fixes are not applied, the
status in http://security-tracker.debian.org/tracker/source-package/libav
still lists
Package: mplayer
Version: 2:1.0~rc4.dfsg1+svn34540-1+b1
Severity: important
Tags: patch
svgalib is scheduled for removal from the archive. Please
disable the support. Patch attached.
Cheers,
Moritz
diff -aur mplayer-1.0~rc4.dfsg1+svn34540.orig/debian/control
Package: vlc
Version: 2.0.7-1
Severity: important
Hi,
svgalib is scheduled for removal from the archive. vlc already
dropped support in 2.0.0-1. But the build dep on libsvga1-dev
is still present. Please remove it as well.
Cheers,
Moritz
___
severity 717009 important
thanks
On Wed, Aug 14, 2013 at 11:08:46AM +0530, shirish शिरीष wrote:
Hi all,
With the planned transition of libav9 i.e. #706798 would the security
holes be fixed as well ?
This is currently being worked out with upstream. Most are fixed by now
or only affect ffmpeg,
On Sun, Aug 25, 2013 at 01:50:21PM +0200, David Suárez wrote:
Source: dvbcut
Version: 0.5.4+svn178-2
Severity: serious
Tags: jessie sid
User: debian...@lists.debian.org
Usertags: qa-ftbfs-20130825 qa-ftbfs
Justification: FTBFS on amd64
Hi,
During a rebuild of all packages in sid, your
On Sun, Aug 25, 2013 at 03:16:54PM +0200, David Suárez wrote:
Source: lives
Version: 2.0.5~ds0-1
Severity: serious
Tags: jessie sid
User: debian...@lists.debian.org
Usertags: qa-ftbfs-20130825 qa-ftbfs
Justification: FTBFS on amd64
Hi,
During a rebuild of all packages in sid, your
On Sun, Aug 25, 2013 at 03:31:12PM +0200, David Suárez wrote:
Source: transcode
Version: 3:1.1.7-5
Severity: serious
Tags: jessie sid
User: debian...@lists.debian.org
Usertags: qa-ftbfs-20130825 qa-ftbfs
Justification: FTBFS on amd64
Hi,
During a rebuild of all packages in sid, your
On Tue, Aug 27, 2013 at 04:37:39PM +0200, Moritz Muehlenhoff wrote:
On Sun, Aug 25, 2013 at 03:31:12PM +0200, David Suárez wrote:
Source: transcode
Version: 3:1.1.7-5
Severity: serious
Tags: jessie sid
User: debian...@lists.debian.org
Usertags: qa-ftbfs-20130825 qa-ftbfs
On Mon, Jan 26, 2015 at 05:33:30PM +0100, Sebastian Ramacher wrote:
On 2015-01-26 13:49:26, Moritz Mühlenhoff wrote:
On Tue, Jan 20, 2015 at 09:47:26PM +0100, Yves-Alexis Perez wrote:
* The potential invalid writes in modules/services_discovery/sap.c and
modules/access/ftp.c were not
Five CVEs therefore remain without upstream patches in libav:
https://security-tracker.debian.org/tracker/CVE-2014-8544
https://security-tracker.debian.org/tracker/CVE-2014-8546
https://security-tracker.debian.org/tracker/CVE-2014-9316
On Tue, Jan 20, 2015 at 09:47:26PM +0100, Yves-Alexis Perez wrote:
Source: vlc
Version: 2.1.5-1
Severity: grave
Tags: security
Justification: user security hole
Hi,
multiple vulnerabilities were reported against vlc 2.1.5. The complete
mail is at http://seclists.org/oss-sec/2015/q1/187
Package: das-watchdog
Severity: grave
Tags: security
Hi,
this has been assigned CVE-2015-2831:
http://www.openwall.com/lists/oss-security/2015/04/01/8
Cheers,
Moritz
___
pkg-multimedia-maintainers mailing list
Package: xbmc
Severity: important
Tags: security
Please see http://www.ocert.org/advisories/ocert-2015-006.html
Could you report this upstream?
IMO doesn't warrant an update for XBMC in stable.
Cheers,
Moritz
___
pkg-multimedia-maintainers
Source: libav
Severity: serious
It was decided to switch to ffmpeg for stretch and it's now in
testing.
Please remove libav from testing (or rather from unstable unless
someone wants to continue to maintain it in unstable/experimental
only)
Cheers,
Moritz
Package: audiofile
Severity: important
Tags: security
Please see http://www.openwall.com/lists/oss-security/2015/10/06/2
for details.
Cheers,
Moritz
___
pkg-multimedia-maintainers mailing list
pkg-multimedia-maintainers@lists.alioth.debian.org
On Wed, May 20, 2015 at 07:08:43PM +0200, Sebastian Ramacher wrote:
> Version: 3.0.0~alpha1-1
>
> Hi Sebastian
>
> On 2015-05-20 16:03:06, sl...@debian.org wrote:
> > Source: soundconverter
> > Severity: important
> > User: sl...@debian.org
> > Usertags: gstreamer0.10-removal
> >
> > Hi
Package: advene
Severity: serious
Should advene be removed? It depends on gstreamer 0.10, which is
scheduled removal (plus, other legacy libs (python-rsvg and
python-goocanvas), this is unfixed upstream (last commit 15 months
ago) and popcon is marginal.
Please address the outstanding bugs or
1 - 100 of 104 matches
Mail list logo
