CVE-2008-2009 looks like a good candidate for an spu/ospu. Patches were added to the unstable packages to harden against attacks similar to this. It would be useful to have these patches in the stable releases to provide added protection for users. See bug report [1] and mailing list discussion [2].
Please coordinate with the release and security teams if you plan to work on this.

[1] http://bugs.debian.org/482039
[2] http://lists.alioth.debian.org/pipermail/pkg-xiph-maint/2009-April/001511.html

