Am 12.05.2016 um 15:16 schrieb Santiago Ruano Rincón: [...] >>>> qemu >>>> qemu-kvm >>>> xen > xen will be supported. >>>> libvirt > > qemu and qemu-kvm were triaged as unsupported for CVE-2016-3712, but I > think Guido is studying how to support virtualisation related packages, > and maybe we should wait for his evaluation. >>>> ffmpeg -> libav > waiting for input. > >>>> vlc >>>> rails -> several split packages (only the 3.2 packages are supported in wheezy) > ... >> >> The versions of libav and vlc in wheezy are all EOLed upstream. vlc is also >> behind some upstream releases in the 2.0.x series. If anyone intends to keep vlc >> alive for wheezy LTS, I'd recommend to upgrade to latest release there first. > > For CVE-2016-3941, vlc has been triaged as unsupported in wheezy, so I > updated security-support-ended.deb7 accordingly in git. [...] Hello, I saw those commits too yesterday. I would suggest that we discuss EOLed packages on debian-lts before we mark CVEs as unsupported in Wheezy LTS. We should defer the decision about quemu until Guido has concluded his findings. The same goes for vlc and Brian May's investigation into the maintainability of libav and related apps. In any case we should always update debian-security-support as well when we decide to end support for packages. Regards, Markus
Attachment:
signature.asc
Description: OpenPGP digital signature