Hi Jamie! I've noticed your USN-611-[123], which patch speex, vorbis-tools and gstreamer plugins. However, I believe fix in libspeex/speex_header.c should be sufficient to address this issue in all affected applications, as they call speex_packet_to_header(). With patch applied, it'll return NULL for malformed speex files and the mode check in speexdec / ogg123 / ... is not reached at all. Or have I missed anything?
skx, vorbis-tools do not embed whole speex library, only sample client implementation code. Previous versions of speex required client to perform part of the sanity checks (and many clients did not do that properly), so the check was now moved directly to speex library. HTH -- Tomas Hoger -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
