Coin, Quoting Jonathan Nieder <jrnie...@gmail.com>:
Format string includes filename, which I believe can be arbitrary. Looks like a low-severity security bug. (Attacker tricks victim into opening sound file with funny name. Then...)
Yes, that's true for any package needing a format-security patch.I'll prepare a package for stable, but i'm gonna solve the problem in unstable by a removal, as nobody has stepped to handle maintainership since i asked for help on #622013 and alerted the GNU application maintainer.
Regards. -- Marc Dequènes (Duck)
pgpGmZXdyczIl.pgp
Description: PGP Digital Signature
