Openwall Project   /home  Owl  JtR  Pro  crypt  pam_passwdqc  tcb  phpass  scanlogd  popa3d  msulogin  /  Linux  BIND  /  advisories  presentations  /  services  donations  /  wordlists  passwords  /  community  lists  wiki  CVSweb  mirrors  signatures
bringing security into open environments
 
Order Openwall GNU/*/Linux 2.0 on a CD with delivery worldwide
[<prev] [next>] [month] [year] [list] 
Date: Mon, 7 Apr 2008 13:01:59 +0000
From: Andrea Barisani <lcars@...rt.org>
To: oss-security@...ts.openwall.com
Subject: Re: [oCERT 2008-02] libfishsound insufficient boundary


Hi,

it turned out that Speex shares the same code that affects libfishsound, so
versions <= 1.1.12 are vulnerable. Speex 1.2beta contains the fix.

The advisory at http://www.ocert.org/advisories/ocert-2008-2.html has been
updated.

Cheers!

-- 
Andrea Barisani |                Founder & Project Coordinator
          oCERT | Open Source Computer Emergency Response Team

<lcars@...rt.org>                         http://www.ocert.org
 0x864C9B9E 0A76 074A 02CD E989 CE7F AC3F DA47 578E 864C 9B9E
        "Pluralitas non est ponenda sine necessitate"

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Hosted by DataForce ISP - Powered by Openwall GNU/*/Linux