similar to: Major Security Vulnerabilities in Remote CD Databases

In Debian 1.1, the optional DOSEMU package installs /usr/sbin/dos setuid root. This is a serious security hole which can be exploited to gain access to any file on the system. Package: dosemu Version: 0.64.0.2-9 ------- start of cut text -------------- $ cat /etc/debian_version 1.1 $ id uid=xxxx(quinlan) gid=xxxx(quinlan) groups=xxxx(quinlan),20(dialout),24(cdrom) [quinlan:~]$ ls -al

This is to announce that XMCD 2.1 patchlevel 0 has been released which fixes all of the issues previously raised by David Meltzer. It also contains a number of other minor feature and functionality enhancements. The new version may be obtained via the xmcd web page at: http://sunsite.unc.edu/~cddb/xmcd/ Users of xmcd with older versions are encouraged to upgrade. -Ti -- \\ // XMCD - Motif CD

Alexander O. Yuriev wrote: > > Your message dated: Wed, 20 Nov 1996 18:04:39 EST > > >has anyone played with the securelevel variable in the kernel and the > > >immutable flags in the ext2 file system? > > > > Yes, and its actualy quite nice. > > > > >The sysctrl code seems to allow the setting of the flag > > >only by init (PID=1)

There are security holes in XMCD 2.0pl2 (and presumably all previous versions), a popular audio cd player for numerous unix platforms, which allow a user defined environment variable to overflow a fixed size buffer resulting in a complete compromise of system security on machines with XMCD installed suid root. The cddb_init() function reads in the environment variable XMCD_CDDBPATH, and parses

Hi UNIX and Linux users, Xmcd, the premier CD player program, now also supports CD ripping to Ogg Vorbis, MP3 and other formats. For Ogg Vorbis, xmcd links directly with the vorbis libraries for best performance and integration. For further info and downloads, please visit the xmcd web site: http://www.amb.org/xmcd Vorbis webmasters: Please add xmcd to your list of free software that

I'm trying to install the exaile package on my newly upgraded CentOS 6.4 machine. It fails (see below) with missing dependencies on python-cddb and gnome-python2-gtkmozembed. I found this thread but there does not seem to be any resolution. \ Has anyone got this installed? Am I missing a repo? Thanks, Steve # yum install exaile Loaded plugins: fastestmirror, refresh-packagekit, security

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Dan Phillips wrote: > With regards the toc problem not compensating for starting from track > 0, is it possible to use the cdrtoa -t or -T options to compensate for > the shift. I am not sure I fully understand the option, but I came > across it and thought I would mention it. I believe the -T and -t flags (to cdparanoia? AFAIK, cdrdao

Copying a CD with k3b is no problem, except I want to include on my copy the cbbd data (from freedb.org). I've configured k3b's cddb section according to instructions at <http://www.freedb.org/en/faq.3.html#15> and read every article google could find about "k3b cddb freedb.org config", but still k3b can't manage it. Grip handles getting the cddb data just fine.

Charles Steinkuehler wrote: > Dan Phillips wrote: > >> With regards the toc problem not compensating for starting from track > >> 0, is it possible to use the cdrtoa -t or -T options to compensate for > >> the shift. I am not sure I fully understand the option, but I came > >> across it and thought I would mention it. > > I believe the -T and -t flags

--- rpp3po <rpp3po@gmx.de> wrote: > Hi there, > > is there any specific reason for ignoring TITLE and PERFORMER info > when > importing CD-TEXT cuesheets into flac files? (These two fields have > not > always been used but they have become widely supported by now). One > may > answer that the preferred method for getting this kind of info for a > cuesheet-flac

I looked around on the web, but I found no guidance on this subject, so I'm guessing. Here is what I came up with. It appears to work on a limited sample of CDs. Can anyone comment on whether or not this is OK? My system is Mandrake 9.0. My Grip is 3.0.1 (as supplied with Mandrake 9.0) My flac is 1.1.0, built from the source tarball. Mandrake ships with 1.0.3, which does not appear to have

I have a CD collection of about 20 discs that I currently archive on my hard disk in MP3 format. No, I do not like lossy compression. No, I do not like closed standards. No, I do not like software patents (Fraunhofer). In fact, I do not even need compression at this point, as my hard disk capacity is greater than the sum total of the CDs' WAV-format sizes. However, I need its ID3

Greets all, Is there a list of functions that have been removed from flac? I am trying to compile xmcd, which is admittedly pretty old code, and it's not finding: FLAC__stream_encoder_set_write_callback FLAC__stream_encoder_set_seek_callback FLAC__stream_encoder_set_client_data FLAC__stream_encoder_init grepping through the flac headers these aren't there so I'm assuming they've

I wanted to post publicly my problem with Jonathan's proposed album requirements. Although I do apologize, since this thread is too big already. The idea that as a requirement one should be able to identify the exact CD a track was ripped from is not a valid requirement in my book (not for the tags at least), and I hope I can explain why. Without knowing the exact way Jonathan wishes to

I scanned the website with linkchecker and found quite a lot of dead links. This commit fixes or removes them. --- developers.html | 2 +- documentation_tasks.html | 2 +- download.html | 12 ++++++------ faq.html | 2 +- features.html | 2 +- feeds/feed.xml | 8 ++++++++ format.html | 8 ++++----

Package: xen-utils-3.2-1 Severity: grave Hi, maintainer! This message about the error concerns a few packages at once. I've tested all the packages (for Lenny) on my Debian mirror. All scripts of packages (marked as executable) were tested. In some packages I've discovered scripts with errors which may be used by a user for damaging important system files or user's files. For

On CentOS 5.4 I just installed K3B to write some CDs. Now every time I used a CD, I get a popup that asks me to "Select a CDDB entry ...". How can I stop this popup? Thanks, Mike,

I scanned the website with linkchecker and found quite a lot of dead links. This commit fixes or removes them. --- developers.html | 2 +- documentation_tasks.html | 2 +- download.html | 14 +++++++------- faq.html | 2 +- features.html | 2 +- feeds/feed.xml | 8 ++++++++ format.html | 8 ++++----

Hi, A short question: what program for windows can rip, ogg at "-q 4.99" and tag correctly based on cddb ? (rc3 or better ofcourse) I need this to encode over 1000 CDs with 10 people who will each do 100. I have a simple perl script for linux to do this (if someone wants it you can have it) but that's not an options for these windows users. I never use windows, so I don't know,

Hi there, is there any specific reason for ignoring TITLE and PERFORMER info when importing CD-TEXT cuesheets into flac files? (These two fields have not always been used but they have become widely supported by now). One may answer that the preferred method for getting this kind of info for a cuesheet-flac would be CDDB, but CDDB info is not always reliable. In my opinion the goal "Now a CD