fix for 445595 - smpeg NMU
I have done an NMU of version 0.4.5+cvs20030824-2.1 of the smpeg package. It
has two lines of change as included in a patch on the above bug report.
There has been no response from the maintainer, the bug is almost a year old,
and it has security implications.
The above blog post has some background.
I think it would be good to get this into Lenny. I expect that including an
NMU at late notice would be something you would prefer not to do. But given
that it reduces security by permitting stack overflow bugs in applications
that use it I think it's worthy of inclusion.
I waited two weeks after proposing an NMU and blogging about it with no
response. If anyone was watching and had any objection I'm sure I would have
heard it by now.
http://etbe.coker.com.au/ My Blog
http://www.coker.com.au/sponsorship.html Sponsoring Free Software development