Package: ffmpeg-debian Version: 0.svn20080206-12 Severity: grave Tags: security Justification: user security hole
according to the debian security tracker [1], ffmpeg is known to be vulnerable to a denial-of-service attack [2]. the description of the CVE is The ffmpeg lavf demuxer allows user-assisted attackers to cause a denial of service (application crash) via a crafted GIF file, possibly related to gstreamer, as demonstrated by lol-giftopnm.gif. i'm reporting this here to make you aware of the issue, and so the issue can be tracked as release-critical for etch. this affects stable, testing, and unstable. thanks for the hard work. [1] http://security-tracker.debian.net/tracker/CVE-2008-3230 [2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3230 -- System Information: Debian Release: lenny/sid APT prefers unstable APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental') Architecture: i386 (i686) Kernel: Linux 2.6.24-etchnhalf.1-686 (SMP w/1 CPU core) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]