This is the mail archive of the
cygwin-apps
mailing list for the Cygwin project.
Re: [SECURITY] vorbis-tools
- From: Yaakov Selkowitz <yselkowitz at cygwin dot com>
- To: cygwin-apps at cygwin dot com
- Date: Fri, 20 Feb 2015 00:53:42 -0600
- Subject: Re: [SECURITY] vorbis-tools
- Authentication-results: sourceware.org; auth=none
- References: <1424234538 dot 11028 dot 104 dot camel at cygwin dot com>
On Tue, 2015-02-17 at 22:42 -0600, Yaakov Selkowitz wrote:
> David,
>
> vorbis-tools requires a patch for CVE-2014-9640:
>
> http://pkgs.fedoraproject.org/cgit/vorbis-tools.git/plain/vorbis-tools-1.4.0-bz1185558.patch
And now another one for CVE-2014-9638 and CVE-2014-9639:
http://pkgs.fedoraproject.org/cgit/vorbis-tools.git/plain/vorbis-tools-1.4.0-CVE-2014-9638-CVE-2014-9639.patch
> There are other patches in that repo that you may wish to consider
> adding; at a minimum, I would recommend the patch for vcut:
>
> http://pkgs.fedoraproject.org/cgit/vorbis-tools.git/plain/vorbis-tools-1.4.0-bz1003607.patch
--
Yaakov