Bug#776086: vorbis-tools: CVE-2014-9638 CVE-2014-9639 CVE-2014-9640
Salvatore Bonaccorso
carnil at debian.org
Sat Feb 28 14:41:05 UTC 2015
Hi Martin, hi Moritz,
On Thu, Feb 12, 2015 at 06:12:39PM +0100, Martin Steghöfer wrote:
> Moritz Muehlenhoff wrote:
> >Did you contact upstream, are fixes available for these?
>
> There are bug tracker items available for the two remaining issues [1] [2],
> but there has been no movement so far.
I have not looked into this in detail, but on the vorbis-dev list
there was a proposed patch from Kamil Dudka from Red Hat:
http://lists.xiph.org/pipermail/vorbis-dev/2015-February/020423.html
see as well https://bugzilla.redhat.com/show_bug.cgi?id=1184449#c6
Regards,
Salvatore
More information about the pkg-xiph-maint
mailing list