Jens Peter Secher wrote:
> On 8/22/06, Martín Ferrari <[EMAIL PROTECTED]> wrote:
>
>> I think this patch fixes the first vulnerability reported. I'm CCing
>> debian-security as it would be good if somebody more seasoned in these
>> matters could take a look at it (please CC me).
>
> Lukáš Lalinský is upstream maintainer as well as Debian package
> maintainer. He is in the process of dealing with this.
>
> Lukáš, could you put a note about your plans in the two open bugs?

Sure. The fix for both of them is already in the MusicBrainz SVN (for this one it's http://bugs.musicbrainz.org/changeset/8440) and both of these fixes are also included in the 2.1.4 release:

http://ftp.musicbrainz.org/pub/musicbrainz/libmusicbrainz-2.1.4.tar.gz

Here is the package for unstable:

http://users.musicbrainz.org/~luks/tmp/libmusicbrainz-2.1_2.1.4-1.diff.gz
http://users.musicbrainz.org/~luks/tmp/libmusicbrainz-2.1_2.1.4-1.dsc
http://users.musicbrainz.org/~luks/tmp/libmusicbrainz-2.1_2.1.4.orig.tar.gz

Jens, could you please upload it?

And for stable-security, this patch could probably be used (however I'm not sure how to prepare the package):

http://bugs.musicbrainz.org/changeset/8440?format=diff&new=8440

-Lukáš