[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Wheezy update of lame?

Hi Raphael,

thank you very much for asking!

In fact, I was about to start trying to work on this. But the fact that
ASAN, which I have no experience with yet, is required to reproduce the
vulnerabilities does not really help. :/

Also, upstream has already been made aware of the vulnerabilities, but
I consider it very unlikely that the issues will be fixed there. The
discussion has so far only lead to considering replacement of the
internal mpeglib code with linking with mpeg123 which does not really
help here:


Am Dienstag, den 11.07.2017, 14:31 +0200 schrieb Raphael Hertzog:
> PS: A member of the LTS team might start working on this update at
> any point in time. You can verify whether someone is registered
> on this update in this file:

I woulnd't mind if someone else started working on this. Quite the
contrary, I would be grateful. Nevertheless, I will probably try to get
behind these issues myself and hope that our efforts don't clash. Maybe
we'll end up with similar solutions at the end of the day. ;)


 - Fabian

Attachment: signature.asc
Description: This is a digitally signed message part

Reply to: