On Wed, Aug 09, 2017 at 12:42:12PM +0200, Dr. Tobias Quathamer wrote:
> Dear security team,
> I've just seen <https://bugs.debian.org/871511>.
> I have now inspected the code of the embedded copy of taglib in my
> package silverjuke. From what I can tell, the embedded copy does not
> contain the vulnerability.
> The code in question is not included in silverjuke, because the embedded
> copy is older than the version of taglib which introduced the vulnerability.
Ok thanks a lot for your analysis. We will update the tracker