Hi Sebastian,

On Thu, Dec 07, 2017 at 10:16:44AM +0200, Sebastian Dröge wrote:
> Hi Salvatore,
>
> On Wed, 2017-12-06 at 20:32 +0100, Salvatore Bonaccorso wrote:
> >
> > Thank you.
> >
> > MITRE has assigned CVE-2017-17446 for this issue.
> >
> > I do not think we need a DSA for this issue, but could be fixed via a
> > point release.
>
> Upstream did a new release with a fix for this very crash, and also
> added some more checks for preventing similar bugs to the code. I'm
> uploading that to unstable now.
>
> This release only really contains the fix, nothing else, and if that's
> all fine with you it could also go into the next stable point release.

Thanks for the fix in unstable. For the point releases, yes it would
look ok to me to include as well the additional hardening commit, but
the final decision is obviously to be done by SRM when reviewing your
proposal. I definitively would suggest to SRM to have both commits,
i.e.

https://bitbucket.org/mpyne/game-music-emu/commits/205290614cdc057541b26adeea05a9d45993f860
and
https://bitbucket.org/mpyne/game-music-emu/commits/4a441e94cba14268bc4e983d4dfd6ed112084d00

regards,
Salvatore