Dear security team, I've just seen <https://bugs.debian.org/871511>.
I have now inspected the code of the embedded copy of taglib in my package silverjuke. From what I can tell, the embedded copy does not contain the vulnerability. The code in question is not included in silverjuke, because the embedded copy is older than the version of taglib which introduced the vulnerability. HTH, best regards, Tobias
Description: OpenPGP digital signature