On Sat, 16 Jan 2010 17:06:58 -0500 Michael Gilbert wrote: > Hi all, > > I have prepared a lenny package for the theora issues that are > addressed in xulrunner. Note that two of them never got a CVE > (one should probably be requested), but have been fixed ever since > the first release of firefox 3.5. I think this should be a DSA. The > package is at http://alioth.debian.org/~gilbert-guest/libtheora. > Attached is the debdiff. Etch doesn't have the vulnerable code.
Is anyone willing to sponsor a DSA for this? I could push it as a proposed-update since that is happening very soon, but I'm pretty sure that it deserves a proper DSA. Just let me know what I should do. Mike _______________________________________________ Secure-testing-team mailing list [email protected] http://lists.alioth.debian.org/mailman/listinfo/secure-testing-team
