Bug#652663: CVE-2011-4612
On 06/09/12 19:05, Moritz Muehlenhoff wrote: On Tue, Jun 26, 2012 at 06:36:56PM +0300, Rücker Thomas wrote: Hi Jonas, On 13/06/12 02:02, Jonas Smedegaard wrote: Hi Thomas, On 12-06-13 at 12:50am, Rücker Thomas wrote: Hello, your friendly upstream here. We just released Icecast 2.3.3 which addresses this issue. Also for the record. It's fairly easy to spot those injection attempts by looking at the Icecast access log. Great. I am looking into updating the packaging now. Just wondering how the updated package is going. Mainly as I hear there is a freeze coming to debian. Would be too bad to miss the window. CVE-2011-4612 is still unfixed in Wheezy, only in unstable. Please either ask the release managers to unblock 2.3.3 (unlikely at this time in the freeze) or upload an isolated fix to testing-proposed-updates. JFTR: We hurried out 2.3.3 still before the freeze so that it could possibly make it into wheezy. Carrying a 4+ year old release that misses numerous security and stability fixes is kind of impractical. So far there have been no regressions or new bugs found in 2.3.3 and it is a clean drop-in replacement for 2.3.2. Cheers Thomas ___ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers
Bug#687594: Please document how to turn off a filter enabled in ~/.mplayer/config
clone 687594 -1 retitle please install DOCS/tech/slave.txt severity -1 wishlist stop On Fri, Sep 14, 2012 at 8:41 PM, Reimar Döffinger reimar.doeffin...@gmx.de wrote: Bind a key to af_clr (see DOCS/tech/slave.txt - in MPlayer SVN, it seems Debian doesn't install that, it might be worth including it even though it is mostly targeted at frontend developers). Cloning as separate bug. -- regards, Reinhard ___ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers
Processed (with 1 errors): Re: Bug#687594: Please document how to turn off a filter enabled in ~/.mplayer/config
Processing commands for cont...@bugs.debian.org: clone 687594 -1 Bug #687594 [mplayer] Please document how to turn off a filter enabled in ~/.mplayer/config Bug 687594 cloned as bug 687813 retitle please install DOCS/tech/slave.txt severity -1 wishlist Bug #687813 [mplayer] Please document how to turn off a filter enabled in ~/.mplayer/config Ignoring request to change severity of Bug 687813 to the same value. stop Stopping processing here. Please contact me if you need assistance. -- 687594: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=687594 687813: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=687813 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ___ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers
Processed: Re: bug #670488: audacious: New upstream version available
Processing control commands: tags -1 fixed-in-experimental Bug #670488 [audacious] audacious: New upstream version available Added tag(s) fixed-in-experimental. -- 670488: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=670488 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ___ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers
Bug#670488: bug #670488: audacious: New upstream version available
control: tags -1 fixed-in-experimental What Audacious release we'll have in Wheezy? BTW, besides Audacious 3.3 branch, there's a 3.2 bugfix release: Audacious 3.2.4 released June 29, 2012 This is a maintenance release for the 3.2.x branch, including fixes for #116, #117, #118, #119, #123, #129, #136, #137, and #138, along with a few other small fixes. http://audacious-media-player.org/download ___ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers
zynaddsubfx 2.4.0-2 MIGRATED to testing
FYI: The status of the zynaddsubfx source package in Debian's testing distribution has changed. Previous version: 2.4.0-1.2 Current version: 2.4.0-2 -- This email is automatically generated once a day. As the installation of new packages into testing happens multiple times a day you will receive later changes on the next day. See http://release.debian.org/testing-watch/ for more information. ___ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers
Bug#687852: [Intl:en] jconvolver: Program name mispelled in package description
Package: jconvolver Severity: minor Tags: l10n Hi, I think there is a spelling mistake in the package description that now reads Jconvonlver (there is a n too much I think). Thanks, Beatrice ___ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers
Bug#687594: Please document how to turn off a filter enabled in ~/.mplayer/config
On Fri, Sep 14, 2012 at 08:41:40PM +0200, Reimar Döffinger wrote: On Thu, Sep 13, 2012 at 07:26:05PM -0700, Josh Triplett wrote: At the moment, I have to do so by editing ~/.mplayer/config, removing af=scaletempo, re-running mplayer, and seeking to that point. I haven't found any way to disable a filter either from the command line or from the UI. Ideally, I'd love to have a disable filters key; Bind a key to af_clr (see DOCS/tech/slave.txt - in MPlayer SVN, it seems Debian doesn't install that, it might be worth including it even though it is mostly targeted at frontend developers). I tried binding a key to this: $ cat ~/.mplayer/input.conf \ af_clr As far as I can tell, mplayer now recognizes \ as a bound key (since it doesn't give an error about not having a binding), and recognizes af_clr as a valid command (since it doesn't give an error about the command), but nonetheless hitting \ does not seem to turn off scaletempo. On the other hand, the following works: $ cat ~/.mplayer/input.conf \ af_del scaletempo Also, now that I can bind a key to this, I find myself wishing for an af_toggle. in the absence of that, I'd love to have a command-line option to disable an audio or video filter, so that I can override the config file rather than editing it. -af-clr, and that one is documented in the MPlayer man-page, right at the start of the AUDIO FILTERS section. Disclaimer: I did not test that they actually work, but if not that should be a bug. Handy; now I don't need to edit the config file every time. - Josh Triplett ___ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers
Re: Bug#687624: ITP: libdvdcss-pkg -- automated installer for libdvdcss
On Fri, Sep 14, 2012 at 02:14:57PM +0200, Reinhard Tartler wrote: This is a proof-of-concept implementation of automated installer for libdvdcss. This has been discussed before within the pkg-multimedia team. There is even preliminary work available at http://anonscm.debian.org/gitweb/?p=pkg-multimedia/libdvdcss-installer.git;a=summary. Indeed. I've in the past sought legal advice on the appropriateness of having an automated installer for libdvdcss in the Debian archive and shared the results with interested members of pkg-multimedia team. The bottom line of that work was that it could be done, but we need to pay attention at the package description. Please check back with me before finalizing that part. ... and of course, as a more general advice, please avoid duplicating efforts and converge on a single implementation, whatever, but please only one :-) Thanks for your interest in this, Cheers. -- Stefano Zacchiroli . . . . . . . z...@upsilon.cc . . . . o . . . o . o Maître de conférences . . . . . http://upsilon.cc/zack . . . o . . . o o Debian Project Leader . . . . . . @zack on identi.ca . . o o o . . . o . « the first rule of tautology club is the first rule of tautology club » signature.asc Description: Digital signature ___ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers
Re: Bug#687624: ITP: libdvdcss-pkg -- automated installer for libdvdcss
On Mon, 17 Sep 2012 04:39:49 Stefano Zacchiroli wrote: Indeed. I've in the past sought legal advice on the appropriateness of having an automated installer for libdvdcss in the Debian archive and shared the results with interested members of pkg-multimedia team. The bottom line of that work was that it could be done, but we need to pay attention at the package description. Please check back with me before finalizing that part. My package libdvdcss-pkg has the following in its description: [snip] . libdvdcss is a library for accessing and unscrambling DVDs encrypted with the Content Scramble System (CSS). It is a free software but it may be illegal in some jurisdictions. As well as debconf notice: are you sure you want to build and install libdvdcss? Please be aware that libdvdcss may be illegal in some jurisdictions. . Source files will be downloaded from videolan.org. Please advise if the above warnings are strong enough. ... and of course, as a more general advice, please avoid duplicating efforts and converge on a single implementation, whatever, but please only one :-) Indeed. In this case there wasn't much of duplication because implementations are substantially different. I believe having two proof-of-concept implementations can allow peer review to have a good starting point for decision whichever is better and make possible to actually try the package rather than having long theoretical discussions about how it could be done. I'm sure eventually we will be merging our efforts when Andres Mejia (the author of the other implementation) will find time to reply. Thank you. All the best, Dmitry. signature.asc Description: This is a digitally signed message part. ___ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers
