On Wed May 07, 2008 at 18:12:09 -0400, Jamie Strandboge wrote:
> vorbis-tools contains embedded speex code, and although vorbis-tools is linked
> to libspeex, it compiles the vulnerable code. Attached is a debdiff that Ubuntu
> is using in its 1.1.1 versions of vorbis-tools (fuzz removed).

I'd rather see a patch that makes the vorbis-tools link against the system-wide
library, and not compile the vulnerable code at all. Would it be possible for
you to provide such a thing, or is that too hard?

Steve