oss-sec mailing list archives

Re: [oCERT 2008-02] libfishsound insufficient boundary

From: Andrea Barisani <lcars () ocert org>
Date: Mon, 7 Apr 2008 13:01:59 +0000


Hi,

it turned out that Speex shares the same code that affects libfishsound, so
versions <= 1.1.12 are vulnerable. Speex 1.2beta contains the fix.

The advisory at http://www.ocert.org/advisories/ocert-2008-2.html has been
updated.

Cheers!

-- 
Andrea Barisani |                Founder & Project Coordinator
          oCERT | Open Source Computer Emergency Response Team

<lcars () ocert org>                         http://www.ocert.org
 0x864C9B9E 0A76 074A 02CD E989 CE7F AC3F DA47 578E 864C 9B9E
        "Pluralitas non est ponenda sine necessitate"

Current thread:

Re: [oCERT 2008-02] libfishsound insufficient boundary Andrea Barisani (Apr 07)