Source: libvpx Version: 1.3.0-2.1 Severity: grave Tags: security patch Justification: user security hole
Hi, an out of bound write vulnerability in libvpx has been fixed in a recent Mozilla advisory [1], and a patch is also provided [2]. Can you prepare an update for unstable and push it asap? Also, I'm unsure if the vulnerability affects stable, so it might be worth checking there too (and coordinate with us for an upload). If you fix the vulnerability, please add the CVE reference (CVE-2014-1578) to the changelog. [1]: https://www.mozilla.org/security/announce/2014/mfsa2014-77.html [2]: https://hg.mozilla.org/releases/mozilla-esr31/rev/6023f0b4f8ba Thanks in advance, -- Yves-Alexis Perez - Debian security team -- System Information: Debian Release: jessie/sid APT prefers unstable APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (450, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.16-2-amd64 (SMP w/4 CPU cores) Locale: LANG=fr_FR.utf8, LC_CTYPE=fr_FR.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org