Diego 'Flameeyes' Pettenò <[EMAIL PROTECTED]> writes: > On Thursday 18 January 2007, Reinhard Tartler wrote: >> Could you have a look at >> it and tell me if you think there is a vulnerability? > Yes there's one and it's not isolated, there are a few others too, but as > Matthias said, they are all fixed in CVS. 0.99.4 release was very very unsafe > when it came to format strings; CVS version is fine, but it has a nasty bug > (double click on the video window does not fullscreen.. it crashes down.
Debian currently ships an CVS snapshot of November 11 2006, not a plain 0.99.4. There wasn't any later release, so I decided to have an snapshot uploaded. I'll check the logs for further supicous (read: security related) commits later today. Thanks for your comment! -- Gruesse/greetings, Reinhard Tartler, KeyID 945348A4
pgp3w7maRon9O.pgp
Description: PGP signature

