On 06/26/2013 07:42 PM, Alexandre Rebert wrote:
Hi,
We found a crash in fluidsynth contained in the fluidsynth package. You are
being
contacted because your are listed as one of the maintainer of fluidsynth.
Thanks for your report - this has now been fixed upstream:
http://sourceforge.net/p/fluidsynth/code/463/
We are planning to submit the bug to the Debian bug tracking system in two
weeks. We wanted to give you a heads-up, so that you some time to assess the
seriousness of the bug before it is publicly disclosed.
I didn't give it much thinking if this could be exploited somehow, as
I'm not a security expert. But by posting this email to a public
mailinglist (pkg-multimedia-maintainers), you have already publicly
disclosed it yourself, so I figured the best thing would be to fix the
bug and release that fix.
The bug report that will be submitted to the bug tracker is available at the
following url:
http://www.forallsecure.com/bug-reports/1963a97d53881360fc37b15d8d1187699e74936c/
This email is part of a mass bug reporting campain comprising 1,182 bugs. You
might have received multiple emails from us concerning different programs. More
information about the mass bug reporting is available on the debian-devel
mailing list:
http://lists.debian.org/debian-devel/2013/06/msg00720.html
Regards,
The Mayhem Team
Cylab, Carnegie Mellon University
_______________________________________________
pkg-multimedia-maintainers mailing list
pkg-multimedia-maintainers@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers
