Comment 8 for bug 370031

Stefan Lesicnik (stefanlsd) wrote :

Dapper code seems to not be affected. There is no id3.c and grepping for the strings also returns no results.

There is no released POC for this exploit and no inbuilt tests. The resulting .dsc was built on all releases and builds ok.

Testing was done to ensure that mpg123 still works as expected by playing random mp3 files and checking the id3 tag information was displayed.

The patch itself is of low impact as it introduces no ABI / API changes but just converts an integer to an unsigned integer.