CVE-2008-2009 as candidate for spu/ospu

To: debian-release@lists.debian.org, pkg-xiph-maint@lists.alioth.debian.org, team@security.debian.org
Subject: CVE-2008-2009 as candidate for spu/ospu
From: "Michael S. Gilbert" <michael.s.gilbert@gmail.com>
Date: Mon, 4 May 2009 15:38:32 -0400
Message-id: <20090504153832.952bd1cd.michael.s.gilbert@gmail.com>

CVE-2008-2009 looks like a good candidate for an spu/ospu.  Patches were
added to the unstable packages to harden against attacks similar to
this. It would be useful to have these patches in the stable releases to
provide added protection for users. See bug report [1] and mailing list
discussion [2].

Please coordinate with the release and security teams if you plan to
work on this.

[1] http://bugs.debian.org/482039
[2]
http://lists.alioth.debian.org/pipermail/pkg-xiph-maint/2009-April/001511.html

Reply to:

Prev by Date: Re: GNUstep libraries soname bump
Next by Date: Re: GNUstep libraries soname bump
Previous by thread: Re: binNMUs for libgladeui
Next by thread: give back drivel on mips and mipsel ?
Index(es):
- Date
- Thread