package: libvorbisidec
severity: grave
version: 1.0.2+svn16259-2
tag: security

libvorbisidec shares a large majority of its code with libvorbis. There have been quite a few security issues fixed in libvorbis over the past few years that have subsequently gone unfixed here. These include:

CVE-2007-3106
CVE-2007-4029
CVE-2007-4065
CVE-2007-4066
CVE-2008-1419
CVE-2008-1420
CVE-2008-1423
CVE-2008-2009
CVE-2009-2663
CVE-2009-3379
CVE-2012-0444

I have only checked the 2009 and 2012 issues so far, but since all were issued after the 1.0 release, it is very likely that most are valid.

Anyway, these issues should be fixed or the package should be removed.

Best wishes,
Mike