Hi Joseph - thanks for the report. We are aware of this CVE and have triaged it in the Ubuntu CVE Tracker:
https://people.canonical.com/~ubuntu- security/cve/2016/CVE-2016-7953.html We have it rated as a 'low' which means that it will not be fixed in our stable Ubuntu releases unless there's a medium or higher issue found against libxvmc. This is to minimize regression risks for low impact security issues. ** Information type changed from Private Security to Public Security ** Changed in: libxvmc (Ubuntu) Status: New => Triaged ** Changed in: libxvmc (Ubuntu) Importance: Undecided => Low -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to libxvmc in Ubuntu. https://bugs.launchpad.net/bugs/1691532 Title: CVE-2016-7953 in libxvmc 1.0.9 Status in libxvmc package in Ubuntu: Triaged Bug description: libxvmc 1.0.9 has an underflow vulnerability which is fixed in libxvmc 1.0.10. CVE: https://security-tracker.debian.org/tracker/CVE-2016-7953 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libxvmc/+bug/1691532/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
