On Thu, Apr 11, 2013 at 09:55:31PM -0400, Michael Gilbert wrote:
> Anyway, it is a pretty small and clear patch, so I've gone ahead and
> uploaded an nmu to delayed/5. Please let me know if I should delay
> longer, or if you want to do the upload yourself.
Since you've pushed this out already, yo
control: tag -1 pending
On Tue, Apr 9, 2013 at 8:12 AM, Ron wrote:
> The idea of blindly applying a cherry-picked "patch with some fuzz", without
> properly analysing its interaction with the patches that wouldn't be applied
> or assessing its severity against those does sound a lot like security
Hi,
On Sat, Apr 06, 2013 at 08:00:56PM -0400, Michael Gilbert wrote:
> Package: opus
> Severity: serious
> Version: 0.9.14+20120615-1
> Tags: security
>
> Hi,
> the following vulnerability was published for opus.
So ... I'm not particularly convinced that this issue is actually 'serious'
in th
tags 704870 + patch
thanks
Gregor -- thanks for finding the links.
The .diff just had different line numbers, so would likely apply with fuzz,
but I made a quick patch that doesn't agaist the git repo.
I would have made a quilt patch, but this looks like a package in 1.0 format.
-- Chris
--
On Sat, 06 Apr 2013 20:00:56 -0400, Michael Gilbert wrote:
> CVE-2013-0899[0]:
> [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0899
> http://security-tracker.debian.org/tracker/CVE-2013-0899
Clicking through the links in
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-08
Package: opus
Severity: serious
Version: 0.9.14+20120615-1
Tags: security
Hi,
the following vulnerability was published for opus.
CVE-2013-0899[0]:
| Integer overflow in the padding implementation in the
| opus_packet_parse_impl function in src/opus_decoder.c in Opus before
| 1.0.2, as used in Go
6 matches
Mail list logo
