On Mon, 10 Aug 2009 23:01:36 -0500, Peter Samuelson wrote:
> 
> > CVE-2009-2663[0]:
> > | libvorbis before r16182, as used in Mozilla Firefox before 3.0.13 and
> > | 3.5.x before 3.5.2 and other products, allows context-dependent
> > | attackers to cause a denial of service (memory corruption and
> > | application crash) or possibly execute arbitrary code via a crafted
> > | .ogg file.
> 
> Thanks, I'll prepare updates for etch, lenny, and sid.  I assume the
> Mozillae in Debian use the system libvorbis, not a separate copy.

no, in fact they embed, and i've submitted a bug for that separately.
thanks for working this!

mike



-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Reply via email to