Wheezy update of lame?
Fabian Greffrath
fabian at debian.org
Wed Jul 12 19:23:21 UTC 2017
Hi Raphael,
thank you very much for asking!
In fact, I was about to start trying to work on this. But the fact that
ASAN, which I have no experience with yet, is required to reproduce the
vulnerabilities does not really help. :/
Also, upstream has already been made aware of the vulnerabilities, but
I consider it very unlikely that the issues will be fixed there. The
discussion has so far only lead to considering replacement of the
internal mpeglib code with linking with mpeg123 which does not really
help here:
https://sourceforge.net/p/lame/mailman/message/35918740/
Am Dienstag, den 11.07.2017, 14:31 +0200 schrieb Raphael Hertzog:
> PS: A member of the LTS team might start working on this update at
> any point in time. You can verify whether someone is registered
> on this update in this file:
I woulnd't mind if someone else started working on this. Quite the
contrary, I would be grateful. Nevertheless, I will probably try to get
behind these issues myself and hope that our efforts don't clash. Maybe
we'll end up with similar solutions at the end of the day. ;)
Cheers,
- Fabian
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: This is a digitally signed message part
URL: <http://lists.alioth.debian.org/pipermail/pkg-multimedia-maintainers/attachments/20170712/cb4d0b4b/attachment-0001.sig>
More information about the pkg-multimedia-maintainers
mailing list