[Moritz Mühlenhoff] >> CVE-2014-9638 and CVE-2014-9639 for vorbis-tools also affect opus-tools, >> please see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776086 >> for details and reproducers. > > The jessie release is coming closer; did you hear back from upstream?
I've been told that the fix for this issue is available from <URL: https://github.com/mark4o/opus-tools/commit/8c412e619b83eb6dd32191909cf6672e93e5802e >. Its author said it is being reviewed for inclusion in a new release. -- Happy hacking Petter Reinholdtsen
