This issues appears to be only semi-public at the moment, so let's keep this restricted, as has been asked for, until it is fully public sdl-sound appears to include vulnerable speex code see http://www.ocert.org/advisories/ocert-2008-2.html as well as bug 216499 and bug 217373 for similar issues patch can be found at http://svn.icculus.org/SDL_sound/trunk/decoders/speex.c?r1=536&r2=537&pathrev=537
vapier, as member of games, could you prepare an ebuild? this should be handled as a semi-public bug until the issue is fully public by means of a new release or an announcement
adding vapier as cc
This does not need to be fixed if we enable the workaround in libspeex, which is bug 217715.
just going with the speex fix sounds fine to me
now public via http://www.ocert.org/advisories/ocert-2008-004.html
This will be fixed with the speex update in bug 217715, keeping open until the GLSA has been released.
speex has been sent as GLSA 200804-17, this also fixes this bug.