Bug#840338: Wheezy update for libass ?

Ola Lundqvist ola at inguza.com
Wed Oct 26 19:46:57 UTC 2016


Hi

I had a quick look at libass today regarding CVE-2016-7971.

When I read the discussion thread about this issue it looks like the
problem is not only disputed upstream, but actually disputed by the person
reporting the issue. Or rather the person reporting the issue has clarified
that the problem is not in libass but rather in the application using
libass.

So if you do not mind I think we should both claim that the libass is not
vulnerable and also close #840338.

If I do not hear an objection about this I will do so.

Best regards

// Ola

On 12 October 2016 at 11:13, Sebastian Ramacher <sramacher at debian.org>
wrote:

> Hi
>
> On 2016-10-12 00:13:30, Markus Koschany wrote:
> > On 09.10.2016 23:36, Hugo Lefeuvre wrote:
> > > Hello dear maintainer(s),
> > >
> > > the Debian LTS team would like to fix the security issues which are
> > > currently open in the Wheezy version of libass:
> > > https://security-tracker.debian.org/tracker/source-package/libass
> > >
> > > Would you like to take care of this yourself?
> >
> > [...]
> >
> > Hello,
> >
> > I have prepared a security update for libass in Wheezy but I think the
> > patches can be reused for Jessie as well. I have also marked
> > CVE-2016-7970 as fixed in Wheezy and it looks to me this also applies to
> > Jessie. I'd be glad if you could take a look at the debdiff (attached)
> > and tell me what you think about CVE-2016-7970 and CVE-2016-7971 which
> > appears to be unfixed, even disputed upstream.
>
> I have not had the time to look at the CVEs in jessie yet, so I cannot say
> anything regarding the patches for jessie and less so for wheezy.
>
> Cheers
> --
> Sebastian Ramacher
>



-- 
 --- Inguza Technology AB --- MSc in Information Technology ----
/  ola at inguza.com                    Folkebogatan 26            \
|  opal at debian.org                   654 68 KARLSTAD            |
|  http://inguza.com/                Mobile: +46 (0)70-332 1551 |
\  gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9  /
 ---------------------------------------------------------------