oss-sec mailing list archives
Re: Bug#498243: xine-lib and ocert-2008-008
From: Darren Salt <linux () youmustbejoking demon co uk>
Date: Wed, 26 Nov 2008 19:26:18 +0000
[xine-user dropped; should probably have been sent to xine-devel, and this thread doesn't seem to be appearing there anyway] I demand that Matthias Hopf may or may not have written...
On Nov 22, 08 17:49:40 +0100, Thomas Viehmann wrote:
[snip]
If anyone cares to go over the xine-lib issues (primarily the unfixed ones from Will's section 3), I'd much appreciate a CC. In order to make the analysis and verification more, I would also be interested in the test cases mentioned in the advisory.
I have fixed all of them (at least I believe so, but I have to verify your test case), and we're waiting for new ocert numbers. Given that this takes so long, and the issues are public anyway, I will probably upstream the fixes soon. If you would verify them it would be awesome.
I'd appreciate these *not* being committed to the 1.1 tip: just make sure that I get the patch series (no more than one CVE no. per patch), prepared so that I can just "hg import" each one, and I'll handle things from there. (Somebody, probably me, will have to backport at least some of this lot for etch, and separate patches should make this a bit easier.) I'm currently not sure whether to do 1.1.15.1 or 1.1.16, mainly because 1.1.15.1 can be uploaded to unstable and still make it into lenny; OTOH, that'd be a new sourceful upload. And I'm not sure that we're ready for 1.1.16 yet anyway. -- | Darren Salt | linux or ds at | nr. Ashington, | Toon | RISC OS, Linux | youmustbejoking,demon,co,uk | Northumberland | Army | + Use more efficient products. Use less. BE MORE ENERGY EFFICIENT. You will be reincarnated as a toad; and you will be much happier.
Current thread:
- xine-lib and ocert-2008-008 Thomas Viehmann (Nov 22)
- Re: xine-lib and ocert-2008-008 Matthias Hopf (Nov 24)
- Re: Bug#498243: xine-lib and ocert-2008-008 Darren Salt (Nov 26)
- Re: xine-lib and ocert-2008-008 Steven M. Christey (Nov 25)
- Re: xine-lib and ocert-2008-008 Andrea Barisani (Nov 26)
- Re: xine-lib and ocert-2008-008 Nico Golde (Nov 28)
- Re: xine-lib and ocert-2008-008 Nico Golde (Nov 28)
- Re: xine-lib and ocert-2008-008 Nico Golde (Dec 03)
- Re: xine-lib and ocert-2008-008 Nico Golde (Dec 03)
- Re: xine-lib and ocert-2008-008 Nico Golde (Dec 03)
- Re: xine-lib and ocert-2008-008 Matthias Hopf (Nov 24)