CVE-2008-2009
Peter Samuelson
peter at p12n.org
Fri May 1 23:46:04 UTC 2009
[Michael S. Gilbert]
> please coordinate with the security team to produce fixes for the
> stable releases for the vorbis vulnerability (CVE-2008-2009, bug
> #482039). thanks.
The vulnerability is listed as only being in versions of libvorbis
prior to 1.0. I thought the only reason for bug 482039 was to provide
some insurance against discovery of possible future vulnerabilities.
Do I understand correctly? If so, I think there is little reason to
bother the security team. If there are actual known vulnerabilities,
of course that is a different matter.
--
Peter Samuelson | org-tld!p12n!peter | http://p12n.org/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-xiph-maint/attachments/20090501/6c39f616/attachment.pgp>
More information about the pkg-xiph-maint
mailing list