On Sun, Jun 10, 2018 at 02:59:49PM -0400, Hugo Lefeuvre wrote: > > lame 3.99.5+repack1-7+deb8u1 is affected by several vulnerabilities in > the code used to read the input file. These issues are not present in > any Debian release after Jessie because the package switched to > libsndfile to read and write audio files. The upstream code itself was > recently fixed in 3.100. FWIW, patch looks fine.
Cheers,
Moritz
