Bug#873718: Fixes for security vulnerabilities on libgig?
Christian Schoenebeck
schoenebeck at linuxsampler.org
Wed Aug 30 17:51:54 UTC 2017
On Wednesday, August 30, 2017 15:09:39 Raphael Hertzog wrote:
> [ Copy to the Debian bugtracker ]
>
> Hello Christian,
Hi Raphael,
> a few security issues have been reported against libgig:
> http://seclists.org/fulldisclosure/2017/Aug/39
>
> The reproducer files are attached too:
> http://seclists.org/fulldisclosure/2017/Aug/att-39/poc_zip.bin
>
> I wanted to check that you were aware of those issues and if
> you had any patch already.
Thanks for letting me know. And no, I don't have any patch against those
issues on my side yet. I see you already came up with some, so I will have a
look at your patches.
> I could not find any bug tracker
> with open issues so I'm writing to you directly. The subversion
> repository has no recent history related to those issues either.
We do have a bug tracker:
https://bugs.linuxsampler.org
However it currently does not accept new user (self)registrations, because we
had to struggle with massive spam bot attacks on that tracker. So we decided
to disable self-registrations for a while.
Thanks!
CU
Christian