iDefense reported to us several buffer overflow vulnerabilities in the FLAC source base that could lead to arbitrary code execution:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=608 as a result the complete source code underwent an audit to fix all such vulnerabilites, and a separate memory allocation module was added to prevent future vulnerabilites. these fixes appear in the flac-1.2.1 release. we suggest you upgrade to flac-1.2.1 and/or winamp 5.5 (which now uses libFLAC from 1.2.1) Josh __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com _______________________________________________ Flac mailing list [email protected] http://lists.xiph.org/mailman/listinfo/flac
