Comment 0 for bug 218652

Date: Fri, 11 Apr 2008 09:15:00 +0000
From: Andrea Barisani <email address hidden>
To: <email address hidden>, <email address hidden>,
        <email address hidden>, <email address hidden>,
        <email address hidden>, <email address hidden>
Cc: <email address hidden>
Subject: [oCERT 2008-003] xline-lib vulnerability report

Hi,

following up our 2008-002 advisory regarding libfishsound and speex, we found
out that the affected code is included in other open source projects,
xine-lib being one of them.

Here's the affected code:
http://hg.debian.org/hg/xine-lib/xine-lib?f=bb6c63fd3577;file=src/libxineadec/xine_speex_decoder.c;style=gitweb

Here's our existing advisory:
http://www.ocert.org/advisories/ocert-2008-2.html

We are going to release an advisory about this one in the next days, can you
confirm the issue?

We would like to coordinate patch + release of your package so that we can
reference the fixed version in our advisory and contact all affected vendors.

Cheers!