On Mon, 10 Aug 2009 23:01:36 -0500, Peter Samuelson wrote: > > > CVE-2009-2663[0]: > > | libvorbis before r16182, as used in Mozilla Firefox before 3.0.13 and > > | 3.5.x before 3.5.2 and other products, allows context-dependent > > | attackers to cause a denial of service (memory corruption and > > | application crash) or possibly execute arbitrary code via a crafted > > | .ogg file. > > Thanks, I'll prepare updates for etch, lenny, and sid. I assume the > Mozillae in Debian use the system libvorbis, not a separate copy.
no, in fact they embed, and i've submitted a bug for that separately. thanks for working this! mike -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org