On Wed, Jan 4, 2012 at 1:35 AM, Michael Gilbert <michael.s.gilb...@gmail.com> wrote:
> the following CVE (Common Vulnerabilities & Exposures) ids were
> published for libav.
>
> CVE-2011-3895[2]:
> | Heap-based buffer overflow in the Vorbis decoder in Google Chrome
> | before 15.0.874.120 allows remote attackers to cause a denial of
> | service or possibly have unspecified other impact via a crafted
> | stream.
>

I have forwarded this bug upstream, but it is still pending review.
http://bugzilla.libav.org/show_bug.cgi?id=191

Do you guys have any exploits or samples that you could provide me to
verify that the proposed patches actually fix the problem?

--
regards,
Reinhard