oss-sec mailing list archives
Re: lame: multiple vulnerabilities
From: "Dr. Thomas Orgis" <thomas.orgis () uni-hamburg de>
Date: Wed, 28 Jun 2017 15:43:35 +0200
Am Wed, 28 Jun 2017 14:03:16 +0200 schrieb Agostino Sarubbo <ago () gentoo org>:
I discovered some crashes (which will follow one-by-one) in lame.
A number of these occur inside the mpglib part, which is an old fork of the mpg123 decoder (extended with some LAME specifics). Can you check if they also occur in current mpg123 / libmpg123 (https://mpg123.org)? As mpg123 upstream, I've got that long-term plan without much actual real-world time to spend on it to finally replace those old forks of the precursor to libmpg123. A number of vulnerabilities in lame's mpglib might be a good trigger to finally consolidate this. In any case, knowing if these crashes apply to mpg123/libmpg123 would be very valuable for me. Oh, and lame upstream is not exactly dead, just very silent. Apart from these vulnerabilities, the program is quite complete in its functionality. There is still a the lame-dev () lists sourceforge net mailing list with a post from time to time. At least developers are subscribed. Alrighty then, Thomas (mpg123 maintainer) -- Dr. Thomas Orgis Universität Hamburg
Attachment:
smime.p7s
Description:
Current thread:
- lame: multiple vulnerabilities Agostino Sarubbo (Jun 28)
- Re: lame: multiple vulnerabilities Dr. Thomas Orgis (Jun 28)
- Re: lame: multiple vulnerabilities Hanno Böck (Jun 28)
- Re: lame: multiple vulnerabilities Agostino Sarubbo (Jun 28)
- Re: lame: multiple vulnerabilities Hanno Böck (Jun 28)
- Re: lame: multiple vulnerabilities Dr. Thomas Orgis (Jun 28)