On Sat, Oct 18, 2014 at 8:01 AM, Eric Shattow wrote:

> See: dget -x
> http://mentors.debian.net/debian/pool/main/a/audiotools/audiotools_2.22+dfsg1-1.dsc

src/decoders/dvd_css.c looks like an embedded code copy of an old version of libdvdcss, please remove it from the source package and check for further embedded code copies.

https://wiki.debian.org/EmbeddedCodeCopies

Having libdvdcss in Debian is likely to cause a DMCA violation, please remove the source package from mentors and upload a new source package with all of the libdvdcss files removed.

https://en.wikipedia.org/wiki/Digital_Millennium_Copyright_Act

Also, cppcheck finds a bunch of memory related coding errors. Please fix them upstream, check if they have security implications and get CVEs if needed.

http://oss-security.openwall.org/wiki/disclosure/cve

I would also suggest using the afl/zzuf fuzzers to find further security issues:

http://lcamtuf.coredump.cx/afl/
http://caca.zoy.org/wiki/zzuf

--
bye,
pabs

https://wiki.debian.org/PaulWise