Bug#750708: RFS: audiotools/2.21-3 [ITP] -- Collection of audio handling programs for the command line
On Sat, Oct 18, 2014 at 8:01 AM, Eric Shattow wrote:
> See: dget -x http://mentors.debian.net/debian/pool/main/a/audiotools/audiotools_2.22+dfsg1-1.dsc
src/decoders/dvd_css.c looks like an embedded code copy of an old
version of libdvdcss, please remove it from the source package and
check for further embedded code copies.
https://wiki.debian.org/EmbeddedCodeCopies
Having libdvdcss in Debian is likely to cause a DMCA violation, please
remove the source package from mentors and upload a new source package
with all of the libdvdcss files removed.
https://en.wikipedia.org/wiki/Digital_Millennium_Copyright_Act
Also, cppcheck finds a bunch of memory-related coding errors. Please
fix them upstream, check if they have security implications and get
CVEs if needed.
http://oss-security.openwall.org/wiki/disclosure/cve
I would also suggest using the afl/zzuf fuzzers to find further security issues:
http://lcamtuf.coredump.cx/afl/
http://caca.zoy.org/wiki/zzuf
--
bye,
pabs
https://wiki.debian.org/PaulWise