[Secure-testing-team] mplayer security fix for lenny
A Mennucc
debdev at tonelli.sns.it
Thu Dec 18 13:00:11 UTC 2008
On Wed, Dec 17, 2008 at 03:40:27PM +0100, Nico Golde wrote:
> Hi,
> * A Mennucc <debdev at tonelli.sns.it> [2008-12-17 15:35]:
> > On Wed, Dec 17, 2008 at 12:41:18PM +0100, Nico Golde wrote:
> > > > BTW was this ever reported to the faad2 mantainer?
> > >
> > > Yes, did you miss the other part of my previous mail? :)
> > > See http://lists.alioth.debian.org/pipermail/secure-testing-team/2008-December/001947.html
> >
> > I think there is a misunderstanding here. What I mean, is:
> > we need to submit a bug report against faad2 in Debian,
> > so that the Debian mantainer (M.W.S.Bell) is aware of all this.
>
> Ah ok, got your point. This won't help in this case as you
> don't build against the system wide copy of faad and all
> present faad versions in Debian don't have this bug.
hmm... now it is me, I was in a misunderstanding
I thought that mplayer was using the external libfaad, since it is
linked against it; but after looking at the build log ,
I stand corrected, the building process builds the internal
libfaad and it links
I have prepared another source
pub/lenny/mplayer_1.0~rc2-17+lenny3.dsc
that has 'configure' options so that is built with the external
libfaaad; this one does not crash on the file lol-mplayer.aac
a.
More information about the Secure-testing-team
mailing list