Re: Bug#682010: [mumble] Communication failures due to CELT codec library removal
Chris Knadle writes ("Re: Bug#682010: [mumble] Communication failures due to CELT codec library removal"):
> a) CELT 0.11.0 is newer and might have fewer security issues, so it's
> better for it to get used rather than 0.7.1
AIUI a client which supports celt version X will be vulnerable to
security bugs in celt X even if celt Y is normally used. All that
would be needed would be for someone to send it the exploit packet (or
sequence of packets) ?
So I don't buy this one.
> b) it's better to ship only one version of CELT to minimize
> security issues overall, so shipping only 0.7.1 is better
This seems correct to me.
> This is the "big test" that I was nearly finished with which incorporates
> other distributions.
Thanks for this work.
> =============================================================================
>
> Extra
> Celt Celt
> Distro version (mumble version) 0.7.1 Vers.† Opus Interop Loopback
> -----------------------------------------|-----|------|----|-------|--------|
What does "interop" mean here ? Interoperates with what ?
> *Mint Debian 201204 (1.2.3-3) | ✓ | | | ✓ | ✓ |
> *Linux Mint 13 (1.2.3-2ubuntu4) | ✓ | | | ✓ | ✓ |
> *Ubuntu 12.04 (1.2.3-2ubuntu4) | ✓ | | | ✓ | ✓ |
Also IWBNI perhaps you could use magic characters that survive
conversion to ASCII :-).
Thanks,
Ian.
Reply to: