Beware libcdaudio in xmms (was Re: [SECURITY] [DSA 1665-1] New libcdaudio packages fix arbitrary code execution)
- To: debian-security@lists.debian.org
- Subject: Beware libcdaudio in xmms (was Re: [SECURITY] [DSA 1665-1] New libcdaudio packages fix arbitrary code execution)
- From: tim@fungible.com (Tim Freeman)
- Date: Wed, 12 Nov 2008 14:40:13 -0700
- Message-id: <20081112224254.4A78ED285D@fungible.com>
- In-reply-to: <20081112223018.GA22208@galadriel.inutil.org> (message from Moritz Muehlenhoff on Wed, 12 Nov 2008 23:30:18 +0100)
- References: <20081112223018.GA22208@galadriel.inutil.org>
I do not have the libcdaudio package installed, but I do have xmms
installed, and there is a libcdaudio.so on my machine. If it shares
the bug you just fixed in libcdaudio, you'll probably want to make the
same fix to xmms and publish a new xmms, or perhaps tweak xmms so it
depends on the official libcdaudio instead of having its own copy.
$ dpkg -S /usr/lib/xmms/Input/libcdaudio.so
xmms: /usr/lib/xmms/Input/libcdaudio.so
--
Tim Freeman http://www.fungible.com tim@fungible.com
Reply to: