#2070 closed defect (notabug)
Is it possible to drop audioop dependency from TA
Reported by: | alsroot | Owned by: | walter |
---|---|---|---|
Priority: | Unspecified by Maintainer | Milestone: | Unspecified |
Component: | Turtleart | Version: | Unspecified |
Severity: | Unspecified | Keywords: | |
Cc: | Distribution/OS: | openSUSE | |
Bug Status: | Unconfirmed |
Description
There is a vulnerability in audioop
http://vigilance.fr/vulnerability/Python-buffer-overflows-of-audioop-9708.
And for example openSUSE droped audioop from python package, most likely they will revert it after fixing issue. But maybe it will be easier to just remove audioop dependency from TA?
Change History (5)
comment:1 Changed 13 years ago by walter
comment:2 Changed 13 years ago by alsroot
- Resolution set to notabug
- Status changed from new to closed
Sorry, it was in TA-83...
comment:3 Changed 13 years ago by walter
I just checked the tar file for 0.83 and there is no audioop.so (nor do I think it would have been called by so recent a version). I wonder if this is an example of install not removing old files?
comment:4 Changed 13 years ago by alsroot
talogo.py from v83 contains "import audioop" but looks like doesn't use it anymore.
comment:5 Changed 13 years ago by walter
Must have before I cleaned up the spurious imports... Thanks for tracking this down.
Does TA have a dependency on audioop? I couldn't find it. Is it pulled in by gst?