On Wed, Jun 15, 2016 at 08:03:28PM +0200, Mateusz Łukasik wrote: > I am looking for a sponsor for my package "vlc" > > * Package name : vlc > Version : 2.0.3-5+deb7u3 > https://mentors.debian.net/debian/pool/main/v/vlc/vlc_2.0.3-5+deb7u3.dsc > > Changes since the last upload: > > Fix CVE-2016-5108. (Closes: #825728)
Hi! I've reviewed the upload, but I'm not sure if you coordinated it with the LTS team. I find a contradition: https://lists.debian.org/debian-lts/2016/06/msg00031.html says vlc is no longer supported in wheezy, yet in https://lists.debian.org/debian-lts/2016/06/msg00035.html the quoted mail sounds as if the upload is expected. Should I proceed? As I haven't ever made a security upload before, mine nor sponsored, let me recap: I make a source-only upload targetted at wheezy-security to security-master, right? Tested on amd64, the patch indeed fixes the exploit posted in the CVE. -- An imaginary friend squared is a real enemy.