
Bug#924655: liblivemedia: CVE-2019-9215: invalid memory access in parseAuthorizationHeader



Hi

On 2019-03-15 15:43:15, Hugo Lefeuvre wrote:
> Hi,
> 
> > Unless a CVE affects the client part of the library, I don't think it's
> > worth it. The client part is the only part used by reverse dependencies.
> 
> What do you mean exactly with client part? The affected code is located
> in liveMedia/RTSPServer.cpp.

liblivemedia provides an implementation of the server and client side of
RTSP. So, unless a CVE affects the code path used by the RTSP client (as
for example used by vlc), I won't spend any time on it.

Before you start cherry-picking the patches from experimental, I'd
suggest to get in contact with the release team to do a proper
transition to the new upstream version (maybe even to the 2019.03.xx
release that's not yet packaged). Those new releases effectively only
consist of the fixes for the recent CVEs. (Yes, I know that the freeze
already started.)

Cheers
-- 
Sebastian Ramacher
