From: David Rothenberger
Date: Sat, 21 Feb 2015 22:55:00 -0000
To: cygwin-apps@cygwin.com
Subject: Re: [SECURITY] vorbis-tools

On 2/19/2015 10:53 PM, Yaakov Selkowitz wrote:
> On Tue, 2015-02-17 at 22:42 -0600, Yaakov Selkowitz wrote:
>> David,
>>
>> vorbis-tools requires a patch for CVE-2014-9640:
>>
>> http://pkgs.fedoraproject.org/cgit/vorbis-tools.git/plain/vorbis-tools-1.4.0-bz1185558.patch
>
> And now another one for CVE-2014-9638 and CVE-2014-9639:
>
> http://pkgs.fedoraproject.org/cgit/vorbis-tools.git/plain/vorbis-tools-1.4.0-CVE-2014-9638-CVE-2014-9639.patch
>
>> There are other patches in that repo that you may wish to consider
>> adding; at a minimum, I would recommend the patch for vcut:
>>
>> http://pkgs.fedoraproject.org/cgit/vorbis-tools.git/plain/vorbis-tools-1.4.0-bz1003607.patch

I've uploaded a new package with these patches. Thanks for the pointers.

-- 
David Rothenberger  ----  daveroth@acm.org

Professional wrestling: ballet for the common man.