Re: Wheezy update of vlc?
Hi,

On Sun, May 29, 2016 at 10:10:20PM -0400, Reinhard Tartler wrote:
> Also note that https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5108
> doesn't provide any useful information about this issue. Is that issue also
> known by a different identifier?

MITRE has just not yet updated their description for the issue.
CVE-2016-5108 was assigned here:

https://marc.info/?l=oss-security&m=146436956931554&w=2

Cf. https://security-tracker.debian.org/tracker/CVE-2016-5108

HTH,

Regards,
Salvatore

___
pkg-multimedia-maintainers mailing list
pkg-multimedia-maintainers@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers
Re: Wheezy update of vlc?
On 29.05.2016 19:53 +0200, Thorsten Alteholz wrote:
> Hello dear maintainer(s),
>
> the Debian LTS team would like to fix the security issues which are
> currently open in the Wheezy version of vlc:
> https://security-tracker.debian.org/tracker/CVE-2016-5108
>
> Would you like to take care of this yourself?
>
> If yes, please follow the workflow we have defined here:
> https://wiki.debian.org/LTS/Development
>
> If that workflow is a burden to you, feel free to just prepare an
> updated source package and send it to debian-...@lists.debian.org
> (via a debdiff, or with a URL pointing to the source package,
> or even with a pointer to your packaging repository), and the members
> of the LTS team will take care of the rest. Indicate clearly whether you
> have tested the updated package or not.
>
> If you don't want to take care of this update, it's not a problem, we
> will do our best with your package. Just let us know whether you would
> like to review and/or test the updated package before it gets released.
>
> Thank you very much.
>
> Thorsten Alteholz,
>   on behalf of the Debian LTS team.
>
> PS: A member of the LTS team might start working on this update at
> any point in time. You can verify whether someone is registered
> on this update in this file:
> https://anonscm.debian.org/viewvc/secure-testing/data/dla-needed.txt?view=markup

Hello,

I pushed a commit with a fix for that: http://deb.li/igUlx

I can upload it on the weekend.

--
 .''`.  Mateusz Łukasik
: :' :  http://mati75.eu
`. `'   Debian Member - mat...@linuxmint.pl
  `-    GPG: D93B 0C12 C8D0 4D7A AFBC FA27 CCD9 1D61 11A0 6851
Re: Wheezy update of vlc?
On 2016-05-29 13:53, Thorsten Alteholz wrote:
> Hello dear maintainer(s),
>
> the Debian LTS team would like to fix the security issues which are
> currently open in the Wheezy version of vlc:
> https://security-tracker.debian.org/tracker/CVE-2016-5108
>
> Would you like to take care of this yourself?
>
> If yes, please follow the workflow we have defined here:
> https://wiki.debian.org/LTS/Development
>
> If that workflow is a burden to you, feel free to just prepare an
> updated source package and send it to debian-...@lists.debian.org
> (via a debdiff, or with a URL pointing to the source package,
> or even with a pointer to your packaging repository), and the members
> of the LTS team will take care of the rest. Indicate clearly whether you
> have tested the updated package or not.
>
> If you don't want to take care of this update, it's not a problem, we
> will do our best with your package. Just let us know whether you would
> like to review and/or test the updated package before it gets released.
>
> Thank you very much.
>
> Thorsten Alteholz,
>   on behalf of the Debian LTS team.
>
> PS: A member of the LTS team might start working on this update at
> any point in time. You can verify whether someone is registered
> on this update in this file:
> https://anonscm.debian.org/viewvc/secure-testing/data/dla-needed.txt?view=markup

The following commands should yield a more or less good starting point
for a new upload that addresses the issue mentioned in that CVE:

    git clone git://git.debian.org/pkg-multimedia/vlc
    cd vlc
    git checkout wheezy
    # take the patch file from the master branch
    git checkout master -- debian/patches/adpcm-reject-invalid-QuickTime-IMA-files.patch
    # register the patch in the quilt series
    echo adpcm-reject-invalid-QuickTime-IMA-files.patch >> debian/patches/series
    # add a new debian/changelog entry
    dch -i

I glanced over https://wiki.debian.org/LTS/Development, but that
procedure seems pretty involved. I'd appreciate it if someone else could
take over the necessary bureaucracy.

Note that I did not test the patch myself because I was unable to find
accurate documentation about what the issue is, or what test sample can
be used to verify the presence or absence of the bug.

Also note that https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5108
doesn't provide any useful information about this issue. Is that issue also
known by a different identifier?

Cheers,
Reinhard
Wheezy update of vlc?
Hello dear maintainer(s),

the Debian LTS team would like to fix the security issues which are
currently open in the Wheezy version of vlc:
https://security-tracker.debian.org/tracker/CVE-2016-5108

Would you like to take care of this yourself?

If yes, please follow the workflow we have defined here:
https://wiki.debian.org/LTS/Development

If that workflow is a burden to you, feel free to just prepare an
updated source package and send it to debian-...@lists.debian.org
(via a debdiff, or with a URL pointing to the source package,
or even with a pointer to your packaging repository), and the members
of the LTS team will take care of the rest. Indicate clearly whether you
have tested the updated package or not.

If you don't want to take care of this update, it's not a problem, we
will do our best with your package. Just let us know whether you would
like to review and/or test the updated package before it gets released.

Thank you very much.

Thorsten Alteholz,
  on behalf of the Debian LTS team.

PS: A member of the LTS team might start working on this update at
any point in time. You can verify whether someone is registered
on this update in this file:
https://anonscm.debian.org/viewvc/secure-testing/data/dla-needed.txt?view=markup