Bug#704870: opus: cve-2013-0899

2013-04-12 Thread Ron
On Thu, Apr 11, 2013 at 09:55:31PM -0400, Michael Gilbert wrote: > Anyway, it is a pretty small and clear patch, so I've gone ahead and > uploaded an nmu to delayed/5. Please let me know if I should delay > longer, or if you want to do the upload yourself. Since you've pushed this out already, yo

Bug#704870: opus: cve-2013-0899

2013-04-11 Thread Michael Gilbert
control: tag -1 pending On Tue, Apr 9, 2013 at 8:12 AM, Ron wrote: > The idea of blindly applying a cherry-picked "patch with some fuzz", without > properly analysing its interaction with the patches that wouldn't be applied > or assessing its severity against those does sound a lot like security

Processed: Re: Bug#704870: opus: cve-2013-0899

2013-04-11 Thread Debian Bug Tracking System
Processing control commands: > tag -1 pending Bug #704870 [opus] opus: cve-2013-0899 Added tag(s) pending. -- 704870: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=704870 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems

Bug#704870: opus: cve-2013-0899

2013-04-09 Thread Ron
Hi, On Sat, Apr 06, 2013 at 08:00:56PM -0400, Michael Gilbert wrote: > Package: opus > Severity: serious > Version: 0.9.14+20120615-1 > Tags: security > > Hi, > the following vulnerability was published for opus. So ... I'm not particularly convinced that this issue is actually 'serious' in th

Bug#704870: opus: cve-2013-0899

2013-04-08 Thread Chris Knadle
tags 704870 + patch thanks Gregor -- thanks for finding the links. The .diff just had different line numbers, so would likely apply with fuzz, but I made a quick patch that doesn't against the git repo. I would have made a quilt patch, but this looks like a package in 1.0 format. -- Chris --

Bug#704870: opus: cve-2013-0899

2013-04-07 Thread gregor herrmann
On Sat, 06 Apr 2013 20:00:56 -0400, Michael Gilbert wrote: > CVE-2013-0899[0]: > [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0899 > http://security-tracker.debian.org/tracker/CVE-2013-0899 Clicking through the links in https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-08

Bug#704870: opus: cve-2013-0899

2013-04-06 Thread Michael Gilbert
Package: opus Severity: serious Version: 0.9.14+20120615-1 Tags: security Hi, the following vulnerability was published for opus. CVE-2013-0899[0]: | Integer overflow in the padding implementation in the | opus_packet_parse_impl function in src/opus_decoder.c in Opus before | 1.0.2, as used in Go