Benjamin, thanks for working on this issue. However, the security-sponsors process is intended to get security fixes into the stable releases; upgrading vlc in its entirety from 2.0.3 or 2.0.4 to 2.0.5, with all the other unrelated changes that are included, would be better handled through the SRU process: https://wiki.ubuntu.com/StableReleaseUpdates
If you do not wish to do the SRU, you could prepare a smaller patch that addresses only specific security issues. This could result in a debdiff of reasonable size, one that facilities review of the changes. I have unsubscribed ubuntu-security-sponsors; please re-subscribe ubuntu-security-sponsors once a debdiff is available for review. Thank you -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1084054 Title: Denial of service via crafted PNG file To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/vlc/+bug/1084054/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
