Launchpad has imported 18 comments from the remote bug at https://bugs.gentoo.org/show_bug.cgi?id=217715.
If you reply to an imported comment from within Launchpad, your comment will be sent to the remote bug automatically. Read more about Launchpad's inter-bugtracker facilities at https://help.launchpad.net/InterBugTracking. ------------------------------------------------------------------------ On 2008-04-14T20:01:33+00:00 rbu wrote: xiph's (lib)speex 1.2 beta 3.2 has been tagged that fixes CVE-2008-1686 directly in the the speex_header_to_packet() function which applications use. Sanitations inside applications are therefore unnecessary. Patch: https://trac.xiph.org/changeset/14701 Reply at: https://bugs.launchpad.net/ubuntu/+source/speex/+bug/218652/comments/11 ------------------------------------------------------------------------ On 2008-04-15T09:35:05+00:00 ssuominen wrote: And we have it in Portage now, *speex-1.2_beta3_p2 (15 Apr 2008) 15 Apr 2008; Samuli Suominen <d...@gentoo.org> -speex-1.1.7.ebuild, +speex-1.2_beta3_p2.ebuild: Version bump. Reply at: https://bugs.launchpad.net/ubuntu/+source/speex/+bug/218652/comments/13 ------------------------------------------------------------------------ On 2008-04-15T10:38:43+00:00 rbu wrote: Arch Security Liaisons, please test and mark stable: =media-libs/speex-1.2_beta3_p2 Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 release sh sparc x86" CC'ing current Liaisons: alpha : ferdy amd64 : welp hppa : jer ppc : dertobi123 ppc64 : corsair release : pva sparc : fmccor x86 : opfer Reply at: https://bugs.launchpad.net/ubuntu/+source/speex/+bug/218652/comments/14 ------------------------------------------------------------------------ On 2008-04-15T13:17:57+00:00 armin76 wrote: Adding Tobias for alpha Reply at: https://bugs.launchpad.net/ubuntu/+source/speex/+bug/218652/comments/15 ------------------------------------------------------------------------ On 2008-04-15T13:46:01+00:00 fmccor wrote: Sparc stable (tested with {.wav}). Reply at: https://bugs.launchpad.net/ubuntu/+source/speex/+bug/218652/comments/16 ------------------------------------------------------------------------ On 2008-04-15T16:17:10+00:00 corsair wrote: ppc64 stable Reply at: https://bugs.launchpad.net/ubuntu/+source/speex/+bug/218652/comments/18 ------------------------------------------------------------------------ On 2008-04-15T16:51:29+00:00 ssuominen wrote: amd64 stable, tested by playing with ogg123 (vorbis-tools using USE speex) and converting .spx to .wav and back to .spx using speexdec and speexenc also tested by an AT (VQuickSilver, Freenode), thanks to him Reply at: https://bugs.launchpad.net/ubuntu/+source/speex/+bug/218652/comments/19 ------------------------------------------------------------------------ On 2008-04-15T20:00:45+00:00 klausman wrote: Stable for alpha. Reply at: https://bugs.launchpad.net/ubuntu/+source/speex/+bug/218652/comments/21 ------------------------------------------------------------------------ On 2008-04-15T21:53:19+00:00 rbu wrote: *** Bug 217820 has been marked as a duplicate of this bug. *** Reply at: https://bugs.launchpad.net/ubuntu/+source/speex/+bug/218652/comments/22 ------------------------------------------------------------------------ On 2008-04-16T19:08:12+00:00 dertobi123 wrote: ppc stable Reply at: https://bugs.launchpad.net/ubuntu/+source/speex/+bug/218652/comments/23 ------------------------------------------------------------------------ On 2008-04-17T01:04:10+00:00 maekke wrote: x86 stable Reply at: https://bugs.launchpad.net/ubuntu/+source/speex/+bug/218652/comments/24 ------------------------------------------------------------------------ On 2008-04-17T09:42:39+00:00 vorlon wrote: now public via http://www.ocert.org/advisories/ocert-2008-004.html Reply at: https://bugs.launchpad.net/ubuntu/+source/speex/+bug/218652/comments/29 ------------------------------------------------------------------------ On 2008-04-17T09:59:20+00:00 vorlon wrote: removing arch security liaisons, adding missing arches, adding sound herd hope I didn't forget to remove/add anyone glsa request filed Reply at: https://bugs.launchpad.net/ubuntu/+source/speex/+bug/218652/comments/30 ------------------------------------------------------------------------ On 2008-04-17T10:02:30+00:00 vorlon wrote: really removing this time Reply at: https://bugs.launchpad.net/ubuntu/+source/speex/+bug/218652/comments/31 ------------------------------------------------------------------------ On 2008-04-17T10:18:10+00:00 armin76 wrote: ia64 stable Reply at: https://bugs.launchpad.net/ubuntu/+source/speex/+bug/218652/comments/32 ------------------------------------------------------------------------ On 2008-04-17T10:53:48+00:00 klausman wrote: Removing myself since I stood in for ferdy as sec liaison for Alpha. Reply at: https://bugs.launchpad.net/ubuntu/+source/speex/+bug/218652/comments/33 ------------------------------------------------------------------------ On 2008-04-17T12:15:52+00:00 rbu wrote: GLSA 200804-17. Reply at: https://bugs.launchpad.net/ubuntu/+source/speex/+bug/218652/comments/34 ------------------------------------------------------------------------ On 2008-04-21T08:16:15+00:00 pva wrote: Fixed in release snapshot. Reply at: https://bugs.launchpad.net/ubuntu/+source/speex/+bug/218652/comments/36 -- You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to gst-plugins-good0.10 in Ubuntu. https://bugs.launchpad.net/bugs/218652 Title: CVE-2008-1686: Multiple speex implementations insufficient boundary checks To manage notifications about this bug go to: https://bugs.launchpad.net/vorbis-tools/+bug/218652/+subscriptions -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
