thr3ads.net - Secure testing team - [Secure-testing-team] Bug#552743: CVE-2009-3378: liboggplay issue discovered by Mozilla [Oct 2009]

If this information is useful, please help other people find it:
Share via:

Moritz Muehlenhoff

2009-Oct-28 22:21 UTC

[Secure-testing-team] Bug#552743: CVE-2009-3378: liboggplay issue discovered by Mozilla

Package: liboggplay
Severity: grave
Tags: security

Firefox 3.5.4 fixed a security issue in the embedded liboggplay
copy:  http://www.mozilla.org/security/announce/2009/mfsa2009-63.html

I checked the patch from https://bugzilla.mozilla.org/show_bug.cgi?id=500311
and it is missing in the version from unstable.

BTW, the fixes for liboggz and libvorbis (also from Firefox 
3.5.4) are already fixed in unstable, but still need to be fixed
for stable-security. If you can prepare updated packages, please
contact team at security.debian.org

Cheers,
        Moritz

-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (500, ''unstable'')
Architecture: i386 (i686)

Kernel: Linux 2.6.30-2-686 (SMP w/1 CPU core)
Locale: LANG=C, LC_CTYPE=de_DE.ISO-8859-15 at euro (charmap=ISO-8859-15)
Shell: /bin/sh linked to /bin/bash

Secure testing team - Oct 2009 - Bug#552743: CVE-2009-3378: liboggplay issue discovered by Mozilla

[Secure-testing-team] Bug#552743: CVE-2009-3378: liboggplay issue discovered by Mozilla