On Tue, 2005-11-22 at 23:31 +0100, Jérôme Marant wrote:
> Hi,
>
> I've just noticed that this security bug has not been fixed:
>
> #332919: CAN-2005-2967: Format string vulnerability in xine-lib's CDDB response parsing
>
> Any action taken?
This bug has been addressed for stable in DSA-863, it's only etch/sid
which have to be fixed. The package has two maintainers, but I can't
trace recent activity for any of them.
I've prepared updated packages for xine-lib, which fix this security
issue and the FTBFS-bug. They thus fix 2 RC bugs (or 3 if you count
merged separately). The diff is attached, the updated packages can be
found here: http://www.a-eskwadraat.nl/~kink/xine-lib/
Since I can't upload them myself, maybe someone else can review and
upload?
On Tue, 2005-11-22 at 23:31 +0100, Jérôme Marant wrote:
> Hi,
>
> I've just noticed that this security bug has not been fixed:
>
> #332919: CAN-2005-2967: Format string vulnerability in xine-lib's CDDB response parsing
>
> Any action taken?
This bug has been addressed for stable in DSA-863, it's only etch/sid
which have to be fixed. The package has two maintainers, but I can't
trace recent activity for any of them.
I've prepared updated packages for xine-lib, which fix this security www.a-eskwadraa t.nl/~kink/ xine-lib/
issue and the FTBFS-bug. They thus fix 2 RC bugs (or 3 if you count
merged separately). The diff is attached, the updated packages can be
found here: http://
Since I can't upload them myself, maybe someone else can review and
upload?
regards,
Thijs