* [SECURITY] vorbis-tools
@ 2015-02-18 4:42 Yaakov Selkowitz
2015-02-20 6:53 ` Yaakov Selkowitz
0 siblings, 1 reply; 3+ messages in thread
From: Yaakov Selkowitz @ 2015-02-18 4:42 UTC (permalink / raw)
To: cygwin-apps
David,
vorbis-tools requires a patch for CVE-2014-9640:
http://pkgs.fedoraproject.org/cgit/vorbis-tools.git/plain/vorbis-tools-1.4.0-bz1185558.patch
There are other patches in that repo that you may wish to consider
adding; at a minimum, I would recommend the patch for vcut:
http://pkgs.fedoraproject.org/cgit/vorbis-tools.git/plain/vorbis-tools-1.4.0-bz1003607.patch
TIA,
Yaakov
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [SECURITY] vorbis-tools
2015-02-18 4:42 [SECURITY] vorbis-tools Yaakov Selkowitz
@ 2015-02-20 6:53 ` Yaakov Selkowitz
2015-02-21 22:55 ` David Rothenberger
0 siblings, 1 reply; 3+ messages in thread
From: Yaakov Selkowitz @ 2015-02-20 6:53 UTC (permalink / raw)
To: cygwin-apps
On Tue, 2015-02-17 at 22:42 -0600, Yaakov Selkowitz wrote:
> David,
>
> vorbis-tools requires a patch for CVE-2014-9640:
>
> http://pkgs.fedoraproject.org/cgit/vorbis-tools.git/plain/vorbis-tools-1.4.0-bz1185558.patch
And now another one for CVE-2014-9638 and CVE-2014-9639:
http://pkgs.fedoraproject.org/cgit/vorbis-tools.git/plain/vorbis-tools-1.4.0-CVE-2014-9638-CVE-2014-9639.patch
> There are other patches in that repo that you may wish to consider
> adding; at a minimum, I would recommend the patch for vcut:
>
> http://pkgs.fedoraproject.org/cgit/vorbis-tools.git/plain/vorbis-tools-1.4.0-bz1003607.patch
--
Yaakov
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [SECURITY] vorbis-tools
2015-02-20 6:53 ` Yaakov Selkowitz
@ 2015-02-21 22:55 ` David Rothenberger
0 siblings, 0 replies; 3+ messages in thread
From: David Rothenberger @ 2015-02-21 22:55 UTC (permalink / raw)
To: cygwin-apps
On 2/19/2015 10:53 PM, Yaakov Selkowitz wrote:
> On Tue, 2015-02-17 at 22:42 -0600, Yaakov Selkowitz wrote:
>> David,
>>
>> vorbis-tools requires a patch for CVE-2014-9640:
>>
>> http://pkgs.fedoraproject.org/cgit/vorbis-tools.git/plain/vorbis-tools-1.4.0-bz1185558.patch
>
> And now another one for CVE-2014-9638 and CVE-2014-9639:
>
> http://pkgs.fedoraproject.org/cgit/vorbis-tools.git/plain/vorbis-tools-1.4.0-CVE-2014-9638-CVE-2014-9639.patch
>
>> There are other patches in that repo that you may wish to consider
>> adding; at a minimum, I would recommend the patch for vcut:
>>
>> http://pkgs.fedoraproject.org/cgit/vorbis-tools.git/plain/vorbis-tools-1.4.0-bz1003607.patch
I've uploaded a new package with these patches. Thanks for the pointers.
--
David Rothenberger ---- daveroth@acm.org
Professional wrestling: ballet for the common man.
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2015-02-21 22:55 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2015-02-18 4:42 [SECURITY] vorbis-tools Yaakov Selkowitz
2015-02-20 6:53 ` Yaakov Selkowitz
2015-02-21 22:55 ` David Rothenberger
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).