Beware libcdaudio in xmms (was Re: [SECURITY] [DSA 1665-1] New libcdaudio packages fix arbitrary code execution)

To: debian-security@lists.debian.org
Subject: Beware libcdaudio in xmms (was Re: [SECURITY] [DSA 1665-1] New libcdaudio packages fix arbitrary code execution)
From: tim@fungible.com (Tim Freeman)
Date: Wed, 12 Nov 2008 14:40:13 -0700
Message-id: <20081112224254.4A78ED285D@fungible.com>
In-reply-to: <20081112223018.GA22208@galadriel.inutil.org> (message from Moritz Muehlenhoff on Wed, 12 Nov 2008 23:30:18 +0100)
References: <20081112223018.GA22208@galadriel.inutil.org>

I do not have the libcdaudio package installed, but I do have xmms
installed, and there is a libcdaudio.so on my machine.  If it shares
the bug you just fixed in libcdaudio, you'll probably want to make the
same fix to xmms and publish a new xmms, or perhaps tweak xmms so it
depends on the official libcdaudio instead of having its own copy.

   $ dpkg -S /usr/lib/xmms/Input/libcdaudio.so
   xmms: /usr/lib/xmms/Input/libcdaudio.so

-- 
Tim Freeman               http://www.fungible.com           tim@fungible.com

Reply to:

Follow-Ups:
- Re: Beware libcdaudio in xmms (was Re: [SECURITY] [DSA 1665-1] New libcdaudio packages fix arbitrary code execution)
  - From: tim@fungible.com (Tim Freeman)

Prev by Date: Re: Beware libcdaudio in xmms (was Re: [SECURITY] [DSA 1665-1] New libcdaudio packages fix arbitrary code execution)
Next by Date: Re: [SECURITY] [DSA 1666-1] New libxml2 packages fix several vulnerabilities
Previous by thread: Re: [DSA 1663-1] New net-snmp packages fix several vulnerabilities
Next by thread: Re: Beware libcdaudio in xmms (was Re: [SECURITY] [DSA 1665-1] New libcdaudio packages fix arbitrary code execution)
Index(es):
- Date
- Thread