From ee79320dbf2c2e7df1c672a53d20aaf24036ce19 Mon Sep 17 00:00:00 2001
From: Chris Lamb <lamby@debian.org>
Date: Tue, 7 Jul 2020 15:17:11 +0100
Subject: dla-needed.txt: Update note for ffmpeg in stretch LTS.

---
 data/dla-needed.txt | 6 ++++++
 1 file changed, 6 insertions(+)

(limited to 'data')

diff --git a/data/dla-needed.txt b/data/dla-needed.txt
index de6c8990f1..f0b5d2c46f 100644
--- a/data/dla-needed.txt
+++ b/data/dla-needed.txt
@@ -43,6 +43,12 @@ curl (Thorsten Alteholz)
 --
 ffmpeg (Adrian Bunk)
   NOTE: 20200707: Vulnerable to at least CVE-2020-13904. (lamby)
+  NOTE: 20200707: According jmm, ffmpeg in stretch follows the 3.2.x releases
+  NOTE: 20200707: (same as for buster, which he is rebasing to 4.1.6 in the
+  NOTE: 20200707: next few days) [stretch] should continue to do for LTS as
+  NOTE: 20200707: long as 3.2 releases are made, only a minor subset of
+  NOTE: 20200707: ffmpeg bugs get a CVE assigned. There was a 3.2.15 release a
+  NOTE: 20200707: few days ago, which should fix this and many others. (lamby)
 --
 firefox-esr (Emilio)
 --
-- 
cgit v1.2.3