[Secure-testing-team] mplayer security fix for lenny
Nico Golde
debian-secure-testing+ml at ngolde.de
Wed Dec 17 11:41:18 UTC 2008
Hi,
* A Mennucc <debdev at tonelli.sns.it> [2008-12-17 12:17]:
> first of all, let me mention that TWinVQ is decoded via a binary DLL,
> and will not play in a default install
Thanks, I therefore downgraded the impact of the
vulnerability in our tracker.
> On Mon, Dec 15, 2008 at 10:45:35PM +0100, Nico Golde wrote:
> > It would be nice if we could get additional input from you
> > for #407010, maybe there is a chance to fix this and
> > possibly fixing this as well.
>
> :-> that is a difficult and hairy bug, since AFAIK, the bug is
> actually in libfaad, and is fixed in the new upstream of libfaad, but
> , to fix into Etch and Lenny, we would need to understand and extract
> the relevant minimal patch for libfaad
>
> BTW was this ever reported to the faad2 mantainer?
Yes, did you miss the other part of my previous mail? :)
See http://lists.alioth.debian.org/pipermail/secure-testing-team/2008-December/001947.html
and the following mails in this thread. I had not time yet
to test the patches upstream referenced in the last mail.
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - nion at jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: not available
Url : http://lists.alioth.debian.org/pipermail/secure-testing-team/attachments/20081217/e396975b/attachment.pgp
More information about the Secure-testing-team
mailing list