dla-needed.txt: Update note for ffmpeg in stretch LTS.

author: Chris Lamb <lamby@debian.org> 2020-07-07 15:17:11 +0100
committer: Chris Lamb <lamby@debian.org> 2020-07-08 15:26:43 +0100
commit: ee79320dbf2c2e7df1c672a53d20aaf24036ce19 (patch)
tree: 683dee1608013213fe6301d5843c3bb95e89015a /data
parent: d52e7c151131952624f16af54cce5741f27c11fe (diff)
1 files changed, 6 insertions, 0 deletions
diff --git a/data/dla-needed.txt b/data/dla-needed.txt
index de6c8990f1..f0b5d2c46f 100644
--- a/data/dla-needed.txt
+++ b/data/dla-needed.txt
@@ -43,6 +43,12 @@ curl (Thorsten Alteholz)
 --
 ffmpeg (Adrian Bunk)
   NOTE: 20200707: Vulnerable to at least CVE-2020-13904. (lamby)
+  NOTE: 20200707: According jmm, ffmpeg in stretch follows the 3.2.x releases
+  NOTE: 20200707: (same as for buster, which he is rebasing to 4.1.6 in the
+  NOTE: 20200707: next few days) [stretch] should continue to do for LTS as
+  NOTE: 20200707: long as 3.2 releases are made, only a minor subset of
+  NOTE: 20200707: ffmpeg bugs get a CVE assigned. There was a 3.2.15 release a
+  NOTE: 20200707: few days ago, which should fix this and many others. (lamby)
 --
 firefox-esr (Emilio)
 --
author	Chris Lamb <lamby@debian.org>	2020-07-07 15:17:11 +0100
committer	Chris Lamb <lamby@debian.org>	2020-07-08 15:26:43 +0100
commit	ee79320dbf2c2e7df1c672a53d20aaf24036ce19 (patch)
tree	683dee1608013213fe6301d5843c3bb95e89015a /data
parent	d52e7c151131952624f16af54cce5741f27c11fe (diff)