
Bug#750708: RFS: audiotools/2.21-3 [ITP] -- Collection of audio handling programs for the command line



On Sat, Oct 18, 2014 at 8:01 AM, Eric Shattow wrote:

> See:  dget -x http://mentors.debian.net/debian/pool/main/a/audiotools/audiotools_2.22+dfsg1-1.dsc

src/decoders/dvd_css.c looks like an embedded code copy of an old
version of libdvdcss. Please remove it from the source package and
check for further embedded code copies.

https://wiki.debian.org/EmbeddedCodeCopies

Having libdvdcss in Debian is likely to cause a DMCA violation. Please
remove the source package from mentors and upload a new source package
with all of the libdvdcss files removed.

https://en.wikipedia.org/wiki/Digital_Millennium_Copyright_Act

Also, cppcheck finds a bunch of memory-related coding errors. Please
fix them upstream, check if they have security implications and get
CVEs if needed.

http://oss-security.openwall.org/wiki/disclosure/cve

I would also suggest using the afl/zzuf fuzzers to find further security issues:

http://lcamtuf.coredump.cx/afl/
http://caca.zoy.org/wiki/zzuf

-- 
bye,
pabs

https://wiki.debian.org/PaulWise

