This is the mail archive of the
cygwin-apps
mailing list for the Cygwin project.
Re: [SECURITY] vorbis-tools
- From: David Rothenberger <daveroth at acm dot org>
- To: cygwin-apps at cygwin dot com
- Date: Sat, 21 Feb 2015 14:55:39 -0800
- Subject: Re: [SECURITY] vorbis-tools
- Authentication-results: sourceware.org; auth=none
- References: <1424234538 dot 11028 dot 104 dot camel at cygwin dot com> <1424415222 dot 3460 dot 124 dot camel at cygwin dot com>
On 2/19/2015 10:53 PM, Yaakov Selkowitz wrote:
> On Tue, 2015-02-17 at 22:42 -0600, Yaakov Selkowitz wrote:
>> David,
>>
>> vorbis-tools requires a patch for CVE-2014-9640:
>>
>> http://pkgs.fedoraproject.org/cgit/vorbis-tools.git/plain/vorbis-tools-1.4.0-bz1185558.patch
>
> And now another one for CVE-2014-9638 and CVE-2014-9639:
>
> http://pkgs.fedoraproject.org/cgit/vorbis-tools.git/plain/vorbis-tools-1.4.0-CVE-2014-9638-CVE-2014-9639.patch
>
>> There are other patches in that repo that you may wish to consider
>> adding; at a minimum, I would recommend the patch for vcut:
>>
>> http://pkgs.fedoraproject.org/cgit/vorbis-tools.git/plain/vorbis-tools-1.4.0-bz1003607.patch
I've uploaded a new package with these patches. Thanks for the pointers.
--
David Rothenberger ---- daveroth@acm.org
Professional wrestling: ballet for the common man.