[SECURITY] vorbis

2009-09-06 Thread Yaakov (Cygwin/X)
David, libvorbis needs a version bump to 1.2.3 ASAP for CVE-2009-2663. Yaakov

[SECURITY] vorbis-tools

2015-02-17 Thread Yaakov Selkowitz
David, vorbis-tools requires a patch for CVE-2014-9640: http://pkgs.fedoraproject.org/cgit/vorbis-tools.git/plain/vorbis-tools-1.4.0-bz1185558.patch There are other patches in that repo that you may wish to consider adding; at a minimum, I would recommend the patch for vcut: http://pkgs.fedorap

Re: [SECURITY] vorbis-tools

2015-02-19 Thread Yaakov Selkowitz
On Tue, 2015-02-17 at 22:42 -0600, Yaakov Selkowitz wrote: > David, > > vorbis-tools requires a patch for CVE-2014-9640: > > http://pkgs.fedoraproject.org/cgit/vorbis-tools.git/plain/vorbis-tools-1.4.0-bz1185558.patch And now another one for CVE-2014-9638 and CVE-2014-9639: http://pkgs.fedorapr

Re: [SECURITY] vorbis-tools

2015-02-21 Thread David Rothenberger
On 2/19/2015 10:53 PM, Yaakov Selkowitz wrote: > On Tue, 2015-02-17 at 22:42 -0600, Yaakov Selkowitz wrote: >> David, >> >> vorbis-tools requires a patch for CVE-2014-9640: >> >> http://pkgs.fedoraproject.org/cgit/vorbis-tools.git/plain/vorbis-tools-1.4.0-bz1185558.patch > > And now another one fo