Hi, I noticed you reported this CVE against libmodplug:
On Thu, Aug 17, 2006, Alec Berryman wrote: > CVE-2006-4192: "Multiple buffer overflows in MODPlug Tracker (OpenMPT) > 1.17.02.43 and earlier and libmodplug 0.8 and earlier allow > user-assisted remote attackers to execute arbitrary code via (1) long > strings in ITP files used by the CSoundFile::ReadITProject function in > soundlib/Load_it.cpp and (2) crafted modules used by the > CSoundFile::ReadSample function in soundlib/Sndfile.cpp, as demonstrated > by crafted AMF files." But gst-plugins-bad0.10 is affected as well. (I've filed a bug against gst-plugins-bad0.10, but it didn't arrive yet.) Could you please add gst-plugins-bad0.10 to the embedded-code-copies file for libmodplug? (Please Cc: me, I'm not on the list.) Thanks, -- Loïc Minier <[EMAIL PROTECTED]> _______________________________________________ Secure-testing-team mailing list [email protected] http://lists.alioth.debian.org/mailman/listinfo/secure-testing-team
