Hi, * Nico Golde <nion@debian.org> [2009-04-26 15:43]: > Hi, > the following CVE (Common Vulnerabilities & Exposures) id was > published for kfreebsd-7 some time ago. > > CVE-2009-0757[0]: > | Integer signedness error in the store_id3_text function in the ID3v2 > | code in mpg123 before 1.7.2 allows remote attackers to cause a denial > | of service (out-of-bounds memory access) and possibly execute > | arbitrary code via an ID3 tag with a negative encoding value. NOTE: > | some of these details are obtained from third party information. > > Unfortunately the vulnerability described above is not important enough > to get it fixed via regular security update in Debian stable. It does > not warrant a DSA. > > However it would be nice if this could get fixed via a regular point update[1]. > Please contact the release team for this. > > This is an automatically generated mail, in case you are already working on an > upgrade this is of course pointless. > > For further information: > [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0757 > [1] http://www.debian.org/doc/developers-reference/pkgs.html#upload-stable > > Kind regards > Nico > CVE-2009-1301[0]: > [...] I am sorry for this, my script had a bug. I'll resend the mail. Cheers Nico -- Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted.
Attachment:
pgpDtoVNNptlt.pgp
Description: PGP signature