Bug#480059: vorbis-tools vulnerable to CVE-2008-1686
Steve Kemp
skx at debian.org
Thu May 8 10:10:05 UTC 2008
On Wed May 07, 2008 at 18:12:09 -0400, Jamie Strandboge wrote:
> vorbis-tools contains embedded speex code, and although vorbis-tools is linked
> to libspeex, it compiles the vulnerable code. Attached is a debdiff that Ubuntu
> is using in its 1.1.1 versions of vorbis-tools (fuzz removed).
I'd rather see a patch that makes the vorbis-tools link
against the system-wide library, and not compile the vulnerable
code at all.
Would it be possible for you to provide such a thing, or is that
too hard?
Steve
--