[MPlayer-cvslog] r29184 - branches/1.0rc1/libmpdemux/demux_vqf.c

Reimar Döffinger Reimar.Doeffinger at gmx.de
Thu Apr 16 10:50:46 CEST 2009


On Thu, Apr 16, 2009 at 03:01:21AM +0300, Uoti Urpala wrote:
> On Wed, 2009-04-15 at 19:40 -0400, compn wrote:
> > On Thu, 16 Apr 2009 00:38:31 +0200 (CEST), siretart wrote:
> > >Author: siretart
> > >Date: Thu Apr 16 00:38:30 2009
> > >New Revision: 29184
> > >
> > >Log:
> > >SA33136: MPlayer TwinVQ Processing Buffer Overflow Vulnerability
> > >Thanks to T. Klein, G. Iuculano, R. Döffinger. cf http://bugs.debian.org/508803
> > >Fixes CVE-2008-5616.
> > 
> > shouldn't one bump the minor version number in such fixes?
> > like 1.0rc1.1 or 1.0rc1try2 ?
> > how will we tell good rc1 vqf from bad rc1 vqf ?
> > 
> > not that this matters much as we don't support rc1 anyways.
> > (btw are you planning to patch rc2 too?)
> 
> I think he meant to patch rc3 but used the wrong branch.

No, the rc1 branch is not maintained by us but Debian still needs it, so
the idea was to give them free rein (of course under our supervision)
with it.
Seems better than having everyone who still insists on supporting rc1
hoarding their own patches.
I somewhat would expect distribution maintainers to have a look at
cvslog sometimes, but of course I don't mind if someone wants to clarify
and publish this situation via news...

