[Secure-testing-team] Bug#552743: CVE-2009-3378: liboggplay issue discovered by Mozilla
Moritz Muehlenhoff
jmm at debian.org
Wed Oct 28 22:21:11 UTC 2009
Package: liboggplay
Severity: grave
Tags: security
Firefox 3.5.4 fixed a security issue in the embedded liboggplay
copy: http://www.mozilla.org/security/announce/2009/mfsa2009-63.html
I checked the patch from https://bugzilla.mozilla.org/show_bug.cgi?id=500311
and it is missing in the version from unstable.
BTW, the fixes for liboggz and libvorbis (also from Firefox
3.5.4) are already fixed in unstable, but still need to be fixed
for stable-security. If you can prepare updated packages, please
contact team at security.debian.org
Cheers,
Moritz
-- System Information:
Debian Release: squeeze/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.30-2-686 (SMP w/1 CPU core)
Locale: LANG=C, LC_CTYPE=de_DE.ISO-8859-15 at euro (charmap=ISO-8859-15)
Shell: /bin/sh linked to /bin/bash
More information about the Secure-testing-team
mailing list