Re: Bug#682010: [mumble] Communication failures due to CELT codec library removal

[Ian Jackson <ijackson@chiark.greenend.org.uk>]

Chris Knadle writes ("Re: Bug#682010: [mumble] Communication failures due to CELT codec library removal"):
>    a) CELT 0.11.0 is newer and might have fewer security issues, so it's
>       better for it to get used rather than 0.7.1

AIUI a client which supports celt version X will be vulnerable to
security bugs in celt X even if celt Y is normally used.  All that
would be needed would be for someone to send it the exploit packet (or
sequence of packets) ?

So I don't buy this one.

>    b) it's better to ship only one version of CELT to minimize
>       security issues overall, so shipping only 0.7.1 is better

This seems correct to me.

> This is the "big test" that I was nearly finished with which incorporates 
> other distributions.

Thanks for this work.

> =============================================================================
> 
>                                                 Extra
>                                           Celt  Celt
> Distro version (mumble version)           0.7.1 Vers.† Opus Interop Loopback 
> -----------------------------------------|-----|------|----|-------|--------|

What does "interop" mean here ?  Interoperates with what ?

> *Mint Debian 201204 (1.2.3-3)            |  ✓  |      |    |   ✓   |    ✓   |
> *Linux Mint 13 (1.2.3-2ubuntu4)          |  ✓  |      |    |   ✓   |    ✓   |
> *Ubuntu 12.04 (1.2.3-2ubuntu4)           |  ✓  |      |    |   ✓   |    ✓   |

Also IWBNI perhaps you could use magic characters that survive
conversion to ASCII :-).

Thanks,
Ian.