[Secure-testing-team] security issue in libfaad2

Menno Bakker info at audiocoding.com
Wed Dec 3 20:57:01 UTC 2008


This security fix does not apply to any of those applications, unless
they made their own security bugs :P
The fix only applied to the FAAD2 frontend, so it is not in the actual
decoding library.

Menno

On Wed, Dec 3, 2008 at 11:36 AM, Nico Golde <nion at debian.org> wrote:
> Hi,
> your 2.6.1 release fixes a security issue which I work on
> currently for Debian.
> Currently this is tracked as
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5244
> (which is exactly this issue:
> http://hg.debian.org/hg/xine-lib/xine-lib?cmd=changeset;node=18c0264660b9;style=gitweb)
> and is also part of
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4610
>
> I confirmed that this is fixed in 2.6.1 since xine doesn't
> crash with this file anymore and the 2.6.1 changes are
> included in the latest xine version.
>
> But looking at the patch the xine people applied I am not
> sure what the fix is, this patch is just too large to find
> that out. As this also affects mplayer for Debian, can you
> tell me what fixed this issue and what was the nature of
> this?
>
> My comments regarding this are online at:
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=407010#91
>
> Cheers
> Nico
>
> --
> Nico Golde - http://www.ngolde.de - nion at jabber.ccc.de - GPG: 0x73647CFF
> For security reasons, all text in this mail is double-rot13 encrypted.
>


