Comment 8 for bug 1666884

The remaining CVE's have recently been fixed (or will be once the last MR lands) in the library's repo. Also, importantly, the one CVE fix that Ubuntu did ship last year broke the library's normal operation, making it less than useful for decoding

Resubscribing ubuntu-security-sponsors since while these aren't debdiffs, it would be good to get the package updated to address the remaining CVEs and restore functionality.