[Secure-testing-team] security issue in libfaad2
Menno Bakker
info at audiocoding.com
Wed Dec 3 22:20:14 UTC 2008
Ah yes, I'm sorry. I seem to remember that it is this one (hope the
link works for you):
http://faac.cvs.sourceforge.net/viewvc/faac/faad2/libfaad/specrec.c?r1=1.60&r2=1.61&diff_format=u
If that's not it, please let me know, then I will have to look a bit deeper.
Regards,
Menno
On Wed, Dec 3, 2008 at 1:15 PM, Nico Golde <nico at ngolde.de> wrote:
> Hi,
> * Menno Bakker <info at audiocoding.com> [2008-12-03 22:09]:
>> This security fix does not apply to any of those applications, unless
>> they made their own security bugs :P
>> The fix only applied to the FAAD2 frontend, so it is not in the actual
>> decoding library.
>
> I am aware of the issue you are talking about but this is
> CVE-2008-4201 which is different. The issue I was talking
> about is a crash for http://sam.zoy.org/zzuf/lol-mplayer.aac
> (not related to the frontend) which doesn't crash since
> 2.6.1 anymore.
>
> Cheers
> Nico
> --
> Nico Golde - http://www.ngolde.de - nion at jabber.ccc.de - GPG: 0x73647CFF
> For security reasons, all text in this mail is double-rot13 encrypted.
>
More information about the Secure-testing-team
mailing list