I demand that Nico Golde may or may not have written... > * Steffen Joeris <[email protected]> [2008-12-16 22:35]: >> There are a few security issues (list below), which are still marked as >> TODO in our security tracker and I would like to hear your comments. Nico >> has done a great job tracking several of them down and I started to have >> a look as well, but since there were so many in one go, it would greatly >> be appreciated, if you could provide us with the necessary information. >> Could you please point us to the version it was fixed in (if it's already >> fixed) and the exact point in the code, preferrably with a patch?
http://alioth.debian.org/~dsalt-guest/security/.private/ _crash.tar contains several problematic files which either cause problems or have caused problems. CVE_patches.tar.gz is a split-up version of the oCERT patch. It may not be correctly split up; if not, provide details and I'll correct it. xine-lib-security-20081215.bundle is what I have locally committed. I intend to add the content of CVE_patches.tar.gz and any other relevant individual patches to that before I push the patches into the upstream repositories, get 1.1.16 released, then deal with the Debian side of things. I think that all of them, even those filed in the Debian BTS and marked as "normal" severity, should be fixed for lenny. > Note that we still have to validate the patches as well as some of them > looked incomplete. Maybe you could give Steffen access to #xine-private on > oftc as well so he can join the discussions in irc, that's a bit faster > than mailing :) db.d.o says "white"... done. -- | Darren Salt | linux or ds at | nr. Ashington, | Toon | RISC OS, Linux | youmustbejoking,demon,co,uk | Northumberland | Army | + RIPA NOTICE: NO CONSENT GIVEN FOR INTERCEPTION OF MESSAGE TRANSMISSION I'd like to, but I did my own thing and now I've got to undo it. _______________________________________________ Secure-testing-team mailing list [email protected] http://lists.alioth.debian.org/mailman/listinfo/secure-testing-team
