Package: mpg123 This is mpg123 upstream formally informing you of a vulnerability (crash on illegal memory read) in all mpg123 versions since 0.60, so very likely all debian versions of mpg123 and libmpg123 are affected.
See more detail at http://mpg123.org/bugs/240 . A one-line fix for any version is this: perl -pi -e 's:(while\()(tagpos < length-10\)):${1}length >= 10 && $2:' $(find src -name id3.c) Alrighty then, Thomas
pgpUrR5qNiISt.pgp
Description: Digitale Signatur von OpenPGP
_______________________________________________ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers
