Control: severity -1 grave
Control: tags -1 security fixed-upstream
Control: found -1 0.60-1

Hi,

On 27/09/16 06:47, Thomas Orgis wrote:
> Package: mpg123
> 
> This is mpg123 upstream formally informing you of a vulnerability
> (crash on illegal memory read) in all mpg123 versions since 0.60, so
> very likely all debian versions of mpg123 and libmpg123 are affected.
> 
> See more detail at http://mpg123.org/bugs/240 . A one-line fix for any
> version is this:
> 
>       perl -pi -e 's:(while\()(tagpos < length-10\)):${1}length >= 10 && $2:' $(find src -name id3.c)

Thanks for letting Debian know!

Does this have a CVE ID? If not it should get one.

James
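
An added illustration, not part of either message and not mpg123's own code: a simplified 10-byte-header frame walker showing why the quoted one-liner puts `length >= 10 &&` in front of `tagpos < length-10`. It assumes `length` and `tagpos` are unsigned (modelled here as `size_t`) and a plain big-endian frame size; the function names and sample tag are constructed for the example.

```c
#include <stddef.h>
#include <stdio.h>

/* Simplified model of a frame walker; hypothetical names, not mpg123 source. */
/* Assumption: length and tagpos are unsigned, so length-10 can wrap around. */
#define FRAME_HDR 10u

/* Constructed sample: two frames, each a 10-byte header plus a 3-byte body. */
static const unsigned char sample_tag[26] = {
    'T','I','T','2', 0,0,0,3, 0,0, 'a','b','c',
    'T','P','E','1', 0,0,0,3, 0,0, 'x','y','z' };

/* Condition before the fix: for length < 10, length-10 wraps to a huge
   value, the test passes, and the loop body would read past the tag. */
static int cond_unpatched(size_t tagpos, size_t length)
{ return tagpos < length - FRAME_HDR; }

/* Condition after the one-line fix quoted in the report. */
static int cond_patched(size_t tagpos, size_t length)
{ return length >= FRAME_HDR && tagpos < length - FRAME_HDR; }

/* Walk frames in buf[0..length) using the patched condition.
   Returns the number of complete frames; every read stays in bounds. */
static size_t count_frames(const unsigned char *buf, size_t length)
{
    size_t tagpos = 0, frames = 0;
    while (cond_patched(tagpos, length)) {
        const unsigned char *h = buf + tagpos;  /* 10 header bytes in range */
        size_t size = ((size_t)h[4] << 24) | ((size_t)h[5] << 16) |
                      ((size_t)h[6] << 8)  |  (size_t)h[7];
        if (h[0] == 0) break;                   /* padding reached */
        tagpos += FRAME_HDR;                    /* still < length here */
        if (size > length - tagpos) break;      /* body would overrun tag */
        tagpos += size;
        frames++;
    }
    return frames;
}

int main(void)
{
    printf("length=4: unpatched enters loop=%d, patched=%d\n",
           cond_unpatched(0, 4), cond_patched(0, 4));
    printf("frames in sample: %zu\n", count_frames(sample_tag, sizeof sample_tag));
    return 0;
}
```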
