Manuel Reimer
2009-Sep-09 12:45 UTC
[Vorbis] Can the hole, fixed in latest libvorbis version, be triggered via webradio?
Hello,

I'm talking about the following hole:

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2663

In Slackware 12.2, so far, the current libvorbis version is still 1.2.0.

My question is: I don't use ".OGG" files, but I regularly listen to an OGG webstream. Am I secure in this situation or could a corrupted webstream trigger the discussed bug?

Thanks in advance

Yours
Manuel Reimer

--
() ascii ribbon campaign - against html mail
/\
answers as html mail will be deleted automatically!
Ralph Giles
2009-Sep-09 15:30 UTC
[Vorbis] Can the hole, fixed in latest libvorbis version, be triggered via webradio?
On Wed, Sep 9, 2009 at 5:45 AM, Manuel Reimer <Manuel.Reimer at gmx.de> wrote:
> My question is: I don't use ".OGG" files, but I regularly listen to an OGG webstream. Am I secure in this situation or could a corrupted webstream trigger the discussed bug?

Yes, if you're listening to ogg webstreams you are vulnerable to this bug. Upgrading to the libvorbis 1.2.3 release will resolve the issue.

 -r