[Secure-testing-team] Bug#552743: CVE-2009-3378: liboggplay issue discovered by Mozilla

Moritz Muehlenhoff jmm at debian.org
Wed Oct 28 22:21:11 UTC 2009


Package: liboggplay
Severity: grave
Tags: security

Firefox 3.5.4 fixed a security issue in the embedded liboggplay
copy:  http://www.mozilla.org/security/announce/2009/mfsa2009-63.html

I checked the patch from https://bugzilla.mozilla.org/show_bug.cgi?id=500311
and it is missing in the version from unstable.

BTW, the fixes for liboggz and libvorbis (also from Firefox 
3.5.4) are already fixed in unstable, but still need to be fixed
for stable-security. If you can prepare updated packages, please
contact team at security.debian.org

Cheers,
        Moritz

-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.30-2-686 (SMP w/1 CPU core)
Locale: LANG=C, LC_CTYPE=de_DE.ISO-8859-15 at euro (charmap=ISO-8859-15)
Shell: /bin/sh linked to /bin/bash





More information about the Secure-testing-team mailing list