Hi, * A Mennucc <[email protected]> [2008-12-17 12:17]: > first of all, let me mention that TWinVQ is decoded via a binary DLL, > and will not play in a default install
Thanks, I therefore downgraded the impact of the vulnerability in our tracker. > On Mon, Dec 15, 2008 at 10:45:35PM +0100, Nico Golde wrote: > > It would be nice if we could get additional input from you > > for #407010, maybe there is a chance to fix this and > > possibly fixing this as well. > > :-> that is a difficult and hairy bug, since AFAIK, the bug is > actually in libfaad, and is fixed in the new upstream of libfaad, but > , to fix into Etch and Lenny, we would need to understand and extract > the relevant minimal patch for libfaad > > BTW was this ever reported to the faad2 mantainer? Yes, did you miss the other part of my previous mail? :) See http://lists.alioth.debian.org/pipermail/secure-testing-team/2008-December/001947.html and the following mails in this thread. I had not time yet to test the patches upstream referenced in the last mail. Cheers Nico -- Nico Golde - http://www.ngolde.de - [email protected] - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted.
pgpn1noD3yoHJ.pgp
Description: PGP signature
_______________________________________________ Secure-testing-team mailing list [email protected] http://lists.alioth.debian.org/mailman/listinfo/secure-testing-team
