* [SECURITY] vorbis-tools @ 2015-02-18 4:42 Yaakov Selkowitz 2015-02-20 6:53 ` Yaakov Selkowitz 0 siblings, 1 reply; 3+ messages in thread From: Yaakov Selkowitz @ 2015-02-18 4:42 UTC (permalink / raw) To: cygwin-apps David, vorbis-tools requires a patch for CVE-2014-9640: http://pkgs.fedoraproject.org/cgit/vorbis-tools.git/plain/vorbis-tools-1.4.0-bz1185558.patch There are other patches in that repo that you may wish to consider adding; at a minimum, I would recommend the patch for vcut: http://pkgs.fedoraproject.org/cgit/vorbis-tools.git/plain/vorbis-tools-1.4.0-bz1003607.patch TIA, Yaakov ^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [SECURITY] vorbis-tools 2015-02-18 4:42 [SECURITY] vorbis-tools Yaakov Selkowitz @ 2015-02-20 6:53 ` Yaakov Selkowitz 2015-02-21 22:55 ` David Rothenberger 0 siblings, 1 reply; 3+ messages in thread From: Yaakov Selkowitz @ 2015-02-20 6:53 UTC (permalink / raw) To: cygwin-apps On Tue, 2015-02-17 at 22:42 -0600, Yaakov Selkowitz wrote: > David, > > vorbis-tools requires a patch for CVE-2014-9640: > > http://pkgs.fedoraproject.org/cgit/vorbis-tools.git/plain/vorbis-tools-1.4.0-bz1185558.patch And now another one for CVE-2014-9638 and CVE-2014-9639: http://pkgs.fedoraproject.org/cgit/vorbis-tools.git/plain/vorbis-tools-1.4.0-CVE-2014-9638-CVE-2014-9639.patch > There are other patches in that repo that you may wish to consider > adding; at a minimum, I would recommend the patch for vcut: > > http://pkgs.fedoraproject.org/cgit/vorbis-tools.git/plain/vorbis-tools-1.4.0-bz1003607.patch -- Yaakov ^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [SECURITY] vorbis-tools 2015-02-20 6:53 ` Yaakov Selkowitz @ 2015-02-21 22:55 ` David Rothenberger 0 siblings, 0 replies; 3+ messages in thread From: David Rothenberger @ 2015-02-21 22:55 UTC (permalink / raw) To: cygwin-apps On 2/19/2015 10:53 PM, Yaakov Selkowitz wrote: > On Tue, 2015-02-17 at 22:42 -0600, Yaakov Selkowitz wrote: >> David, >> >> vorbis-tools requires a patch for CVE-2014-9640: >> >> http://pkgs.fedoraproject.org/cgit/vorbis-tools.git/plain/vorbis-tools-1.4.0-bz1185558.patch > > And now another one for CVE-2014-9638 and CVE-2014-9639: > > http://pkgs.fedoraproject.org/cgit/vorbis-tools.git/plain/vorbis-tools-1.4.0-CVE-2014-9638-CVE-2014-9639.patch > >> There are other patches in that repo that you may wish to consider >> adding; at a minimum, I would recommend the patch for vcut: >> >> http://pkgs.fedoraproject.org/cgit/vorbis-tools.git/plain/vorbis-tools-1.4.0-bz1003607.patch I've uploaded a new package with these patches. Thanks for the pointers. -- David Rothenberger ---- daveroth@acm.org Professional wrestling: ballet for the common man. ^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2015-02-21 22:55 UTC | newest] Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2015-02-18 4:42 [SECURITY] vorbis-tools Yaakov Selkowitz 2015-02-20 6:53 ` Yaakov Selkowitz 2015-02-21 22:55 ` David Rothenberger
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).