* Christian Marillat:

>> | Buffer overflow in the CCdecode function in contrib/ntsc-cc.c in the
>> | zvbi-ntsc-cc tool in Zapping VBI Library (ZVBI) before 0.2.25 allows
>> | attackers to cause a denial of service (application crash) and
>> | possibly execute arbitrary code via long data during a reception
>> | error. NOTE: some of these details are obtained from third party
>> | information.
>>
>> <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3121>
>>
>> I don't know what zvbi-ntsc-cc does, so this might not be a security
>> issue after all. Please investigate. Thanks!
>
> What to do with this bug report? CVE is still a candidate after more
> than 2 months.

This doesn't mean anything, as I tried to explain in my June 16 message:

<http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=429221#17>

The correct way to deal with this bug is to check what the vulnerable
code in ZVBI actually does, and based on that, decide whether a
security update for stable is necessary.