need guidance for CVE-2008-2009
Michael S. Gilbert
michael.s.gilbert at gmail.com
Sun May 3 19:58:30 UTC 2009

dear security team,

CVE-2008-2009 does not affect the etch or lenny versions of vorbis;
however, there were additional sanity checks added to the unstable
packages (bug #482039) to hopefully prevent future attacks similar to
the ones in this CVE.

should this issue be treated as unimportant and as a candidate for an
spu/ospu? or should it just be treated as unimportant?

thanks,
mike