[Secure-testing-team] security issue in libfaad2
Nico Golde
nion at debian.org
Wed Dec 3 19:36:27 UTC 2008
Hi,
your 2.6.1 release fixes a security issue which I work on
currently for Debian.
Currently this is tracked as
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5244
(which is exactly this issue:
http://hg.debian.org/hg/xine-lib/xine-lib?cmd=changeset;node=18c0264660b9;style=gitweb)
and is also part of
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4610
I confirmed that this is fixed in 2.6.1 since xine doesn't
crash with this file anymore and the 2.6.1 changes are
included in the latest xine version.
But looking at the patch the xine people applied I am not
sure what the fix is, this patch is just too large to find
that out. As this also affects mplayer for Debian, can you
tell me what fixed this issue and what was the nature of
this?
My comments regarding this are online at:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=407010#91
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - nion at jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: not available
Url : http://lists.alioth.debian.org/pipermail/secure-testing-team/attachments/20081203/55e4b2dd/attachment.pgp
More information about the Secure-testing-team
mailing list