Package: libvorbis Version: 1.1.2.dfsg-1.4 Severity: grave Tags: security Hi, the following CVE (Common Vulnerabilities & Exposures) id was published for libvorbis.
CVE-2009-2663[0]: | libvorbis before r16182, as used in Mozilla Firefox before 3.0.13 and | 3.5.x before 3.5.2 and other products, allows context-dependent | attackers to cause a denial of service (memory corruption and | application crash) or possibly execute arbitrary code via a crafted | .ogg file. Please coordinate with the security team to prepare updates for the stable releases. If you fix the vulnerability please also make sure to include the CVE id in your changelog entry. For further information see: [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2663 http://security-tracker.debian.net/tracker/CVE-2009-2663 -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
