|
Message-ID: <5009DB4198%linux@youmustbejoking.demon.co.uk> Date: Wed, 26 Nov 2008 19:26:18 +0000 From: Darren Salt <linux@...mustbejoking.demon.co.uk> To: Matthias Hopf <mhopf@...e.de>, 498243@...s.debian.org Cc: oss-security@...ts.openwall.com, redpig@...rt.org Subject: Re: Bug#498243: xine-lib and ocert-2008-008 [xine-user dropped; should probably have been sent to xine-devel, and this thread doesn't seem to be appearing there anyway] I demand that Matthias Hopf may or may not have written... > On Nov 22, 08 17:49:40 +0100, Thomas Viehmann wrote: [snip] >> If anyone cares to go over the xine-lib issues (primarily the unfixed >> ones from Will's section 3), I'd much appreciate a CC. In order to make >> the analysis and verification more, I would also be interested in the >> test cases mentioned in the advisory. > I have fixed all of them (at least I believe so, but I have to verify your > test case), and we're waiting for new ocert numbers. Given that this takes > so long, and the issues are public anyway, I will probably upstream the > fixes soon. If you would verify them it would be awesome. I'd appreciate these *not* being committed to the 1.1 tip: just make sure that I get the patch series (no more than one CVE no. per patch), prepared so that I can just "hg import" each one, and I'll handle things from there. (Somebody, probably me, will have to backport at least some of this lot for etch, and separate patches should make this a bit easier.) I'm currently not sure whether to do 1.1.15.1 or 1.1.16, mainly because 1.1.15.1 can be uploaded to unstable and still make it into lenny; OTOH, that'd be a new sourceful upload. And I'm not sure that we're ready for 1.1.16 yet anyway. -- | Darren Salt | linux or ds at | nr. Ashington, | Toon | RISC OS, Linux | youmustbejoking,demon,co,uk | Northumberland | Army | + Use more efficient products. Use less. BE MORE ENERGY EFFICIENT. You will be reincarnated as a toad; and you will be much happier.
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.