Hi, * sean finney <sean...@debian.org> [2008-12-26 21:16]: > it looks to me like the patch solves (1) just fine, and that (2) is in fact > the same problem as CVE-2008-5246 (same files/functions, no other activity > in these files besides the same fix). > > do you agree?
Yes indeed, I came to the same conclusion, see: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=498243#81 > in the meantime I am preparing an NMU with the patch for (1) applied. No need for an NMU I think, Darren is heavily working on these issues, check: http://alioth.debian.org/~dsalt-guest/security/.private/ The coordination is a bit chaotic at the moment, spread over private mails, irc queries, #xine-private and the bts :/ Cheers Nico -- Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted.
pgpzpeHRxL7jm.pgp
Description: PGP signature
