Re: Bug#682010: [mumble] Communication failures due to CELT codec library removal
On Tuesday, August 14, 2012 13:19:04, Ian Jackson wrote:
> Chris Knadle writes ("Re: Bug#682010: [mumble] Communication failures due to
CELT codec library removal"):
> > a) CELT 0.11.0 is newer and might have fewer security issues, so it's
> > better for it to get used rather than 0.7.1
>
> AIUI a client which supports celt version X will be vulnerable to
> security bugs in celt X even if celt Y is normally used. All that
> would be needed would be for someone to send it the exploit packet (or
> sequence of packets) ?
Mmm. Come to think of it, yes that sounds right.
> So I don't buy this one.
That's fine. ;-)
> > b) it's better to ship only one version of CELT to minimize
> > security issues overall, so shipping only 0.7.1 is better
>
> This seems correct to me.
>
> > This is the "big test" that I was nearly finished with which incorporates
> > other distributions.
>
> Thanks for this work.
...
> What does "interop" mean here ? Interoperates with what ?
The test was done with a patched "348"-1.1 mumble-server and a patched
"348"-1.1 mumble client with bundled celt 0.7.1 only. (i.e. the patches I had
already sent.) The other OSes were running in a VM on the same box, with the
mic input going to the VM, and the mic muted in Mumble on the host. The
"Interop" checkbox indicates I heard audio out from the host when talking
through the VM. i.e. I tried to "do a real test".
> > *Mint Debian 201204 (1.2.3-3) | ✓ | | | ✓ | ✓
> > | *Linux Mint 13 (1.2.3-2ubuntu4) | ✓ | | | ✓ |
> > ✓ | *Ubuntu 12.04 (1.2.3-2ubuntu4) | ✓ | | |
> > ✓ | ✓ |
>
> Also IWBNI perhaps you could use magic characters that survive
> conversion to ASCII :-).
Ugh. There's a longer story concerning that in relation to Exim4 and 8-bit
transmission and non-conversion.
I have to rush out but if you have other questions I'll be back in about 3
hours.
-- Chris
--
Chris Knadle
Chris.Knadle@coredump.us
Reply to: