[Secure-testing-team] mplayer security fix for lenny

Thu Dec 18 14:20:58 UTC 2008

Hi,
* A Mennucc <debdev at tonelli.sns.it> [2008-12-18 14:35]:
> On Wed, Dec 17, 2008 at 03:40:27PM +0100, Nico Golde wrote:
> > * A Mennucc <debdev at tonelli.sns.it> [2008-12-17 15:35]:
> > > On Wed, Dec 17, 2008 at 12:41:18PM +0100, Nico Golde wrote:
> > > > > BTW was this ever reported to the faad2 mantainer? 
> > > > 
> > > > Yes, did you miss the other part of my previous mail? :)
> > > > See http://lists.alioth.debian.org/pipermail/secure-testing-team/2008-December/001947.html
> > > 
> > > I think there is a misunderstanding here. What I mean, is:
> > > we need to submit a bug report against faad2 in Debian,
> > >  so that the Debian mantainer (M.W.S.Bell) is aware of all this.
> > 
> > Ah ok, got your point. This won't help in this case as you 
> > don't build against the system wide copy of faad and all 
> > present faad versions in Debian don't have this bug.
> 
> hmm... now it is me, I was in a  misunderstanding
> 
> I thought that mplayer was using the external libfaad, since it is
> linked against it; but after looking at the build log ,
> I stand corrected, the building process builds the internal
> libfaad and it  links
> 
> I have prepared another source 
>    pub/lenny/mplayer_1.0~rc2-17+lenny3.dsc
> 
> that has 'configure' options so that is built with the external
> libfaaad; this one does not crash on the file lol-mplayer.aac 

Ok thanks, please go ahead uploading it as explained on:
http://testing-security.debian.net/uploading.html

Cheers
Nico
-- 
Nico Golde - http://www.ngolde.de - nion at jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: not available
Url : http://lists.alioth.debian.org/pipermail/secure-testing-team/attachments/20081218/19fa9711/attachment.pgp