Date: Sat, 28 Jan 2012 14:39:36 +0100 From: Hanno Böck <hanno@...eck.de> To: oss-security@...ts.openwall.com Subject: (maybe) CVE request: libvpx before 1.0 crasher libvpx (webm library) has released a new version that fixes a crasher bug: http://blog.webmproject.org/2012/01/vp8-codec-sdk-duclair-released.html I'm not 100% sure if and in what situation crash bugs qualify as security issues. However, I tend to think that this one does. libvpx is used in browsers and crashing browsers seems an issue to me. Also, it could be used to crash automatic media re-encoding-services (e.g. backends of video websites like youtube). So I'd request a CVE. -- Hanno Böck mail/jabber: hanno@...eck.de GPG: BBB51E42 http://www.hboeck.de/ Download attachment "signature.asc" of type "application/pgp-signature" (837 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ