Hi, marit@secmail.pro wrote: > I think that package "libmad" should be updated to include fixes for the > following vulnerabilities: > https://security-tracker.debian.org/tracker/CVE-2017-8372, > https://security-tracker.debian.org/tracker/CVE-2017-8373, > https://security-tracker.debian.org/tracker/CVE-2017-8374. > This can be done by applying md_size.diff from Debian and replacing > libmad-frame-length.patch with length-check.diff from Debian. I've applied the updates that you recommended in commit aac6c53a7bc9a8d22e88a490ebc99ec79d64a05b on our 'master' branch. Thanks very much for bringing this to our attention. Best, Mark