Control: tags -1 + confirmed On Sun, 2018-06-10 at 14:59 -0400, Hugo Lefeuvre wrote: > lame 3.99.5+repack1-7+deb8u1 is affected by several vulnerabilities > in > the code used to read the input file. These issues are not present in > any Debian release after Jessie because the package switched to > libsndfile to read and write audio files. The upstream code itself > was > recently fixed in 3.100. > > Following advices from lame's upstream and from lame's maintainer I > proposed the attached patch. In this patch we modify the Jessie > package to use libsndfile instead of the internal code. The security > team considers these issues not worth a DSA but recommended me to > submit this patch as jessie-pu. >
+lame (3.99.5+repack1-7+deb8u2) oldstable; urgency=high Please use "jessie" as the distribution there, and feel free to upload. Regards, Adam
