Hi, I looked especially at the versions in Debian and ported the buffer overflow fix to 1.26 and 1.31.
Weitergeleitete Nachricht: Datum: Sat, 26 Oct 2024 18:42:05 +0200 Von: Thomas Orgis <[email protected]> An: [email protected], [email protected] Betreff: [mpg123-devel] 1.26 and 13.1 backports (Re: Security update mpg123 1.32.8: Frankenstein's Monster) Am Sat, 26 Oct 2024 17:38:40 +0200 schrieb Thomas Orgis <[email protected]>: > I hereby announce mpg123 version 1.32.8. Get it at the usual places. > Now. Observing that versions 1.26.x and 1.31.x are still in the wild (meaning: Debian stable), I ported the recent security fix to those release series. Please see recent commits to svn://scm.orgis.org/mpg123/branches/1.26-fixes and svn://scm.orgis.org/mpg123/branches/1.31-fixes Current code is also visible under https://scm.orgis.org/mpg123/branches/1.26-fixes/ and https://scm.orgis.org/mpg123/branches/1.31-fixes/ Alrighty then, Thomas _______________________________________________ mpg123-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/mpg123-devel
