need guidance for CVE-2008-2009
Martin Schulze
joey at infodrom.org
Mon May 4 07:57:41 UTC 2009
Hi Michael!
Michael S. Gilbert wrote:
> dear security team,
>
> CVE-2008-2009 does not affect the etch or lenny versions of vorbis;
> however, there were additional sanity checks added to the unstable
> packages (bug #482039) to hopefully prevent future attacks similar to
> the ones in this CVE.
>
> should this issue be treated as unimportant and as a candidate for an
> spu/ospu? or should it just be treated as unimportant?
Yes. Please talk to the stable release team to find out whether they
would accept such an upload.
Regards,
Joey
--
Testing? What's that? If it compiles, it is good, if it boots up, it is perfect.