Hi, * Nico Golde <email@example.com> [2009-04-26 15:43]: > Hi, > the following CVE (Common Vulnerabilities & Exposures) id was > published for kfreebsd-7 some time ago. > > CVE-2009-0757: > | Integer signedness error in the store_id3_text function in the ID3v2 > | code in mpg123 before 1.7.2 allows remote attackers to cause a denial > | of service (out-of-bounds memory access) and possibly execute > | arbitrary code via an ID3 tag with a negative encoding value. NOTE: > | some of these details are obtained from third party information. > > Unfortunately the vulnerability described above is not important enough > to get it fixed via regular security update in Debian stable. It does > not warrant a DSA. > > However it would be nice if this could get fixed via a regular point update. > Please contact the release team for this. > > This is an automatically generated mail, in case you are already working on an > upgrade this is of course pointless. > > For further information: >  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0757 >  http://www.debian.org/doc/developers-reference/pkgs.html#upload-stable > > Kind regards > Nico > CVE-2009-1301: > [...] I am sorry for this, my script had a bug. I'll resend the mail. Cheers Nico -- Nico Golde - http://www.ngolde.de - firstname.lastname@example.org - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted.
Description: PGP signature