Date: Wed, 28 Jun 2017 15:43:35 +0200
From: "Dr. Thomas Orgis" <thomas.orgis@...-hamburg.de>
To: oss-security@...ts.openwall.com
Subject: Re: lame: multiple vulnerabilities

On Wed, 28 Jun 2017 14:03:16 +0200, Agostino Sarubbo <ago@...too.org> wrote:

> I discovered some crashes (which will follow one-by-one) in lame.

A number of these occur inside the mpglib part, which is an old fork of the mpg123 decoder (extended with some LAME specifics). Can you check if they also occur in current mpg123 / libmpg123 (https://mpg123.org)?

As mpg123 upstream, I've got that long-term plan without much actual real-world time to spend on it to finally replace those old forks of the precursor to libmpg123. A number of vulnerabilities in lame's mpglib might be a good trigger to finally consolidate this. In any case, knowing if these crashes apply to mpg123/libmpg123 would be very valuable for me.

Oh, and lame upstream is not exactly dead, just very silent. Apart from these vulnerabilities, the program is quite complete in its functionality. There is still the lame-dev@...ts.sourceforge.net mailing list with a post from time to time. At least developers are subscribed.

Alrighty then,

Thomas (mpg123 maintainer)

-- 
Dr. Thomas Orgis
Universität Hamburg