Thank you for your work on security issues. Please avoid munging that many separate issues into the same bug.

Steffen Joeris <[EMAIL PROTECTED]> writes:

> Package: ffmpeg-debian
> Version: 0.svn20080206-14
> Severity: grave
> Tags: security, patch
> Justification: user security hole
>
> Hi,
> the following CVE (Common Vulnerabilities & Exposures) ids were
> published for ffmpeg.
>
> CVE-2008-4869[0]:
> | FFmpeg 0.4.9, as used by MPlayer, allows context-dependent attackers
> | to cause a denial of service (memory consumption) via unknown vectors,
> | aka a "Tcp/udp memory leak."

you asked me later to ignore this. ok.

> CVE-2008-4868[1]:
> | Unspecified vulnerability in the avcodec_close function in
> | libavcodec/utils.c in FFmpeg 0.4.9 before r14787, as used by MPlayer,
> | has unknown impact and attack vectors, related to a free "on random
> | pointers."

Here is the relevant patch:

=================================================================== --- libavcodec/utils.c (Revision 14786) +++ libavcodec/utils.c (Revision 14787) 
@@ -994,7 +994,6 @@ avctx->codec->close(avctx); avcodec_default_free_buffers(avctx); av_freep(&avctx->priv_data); - av_freep(&avctx->rc_eq); avctx->codec = NULL; entangled_thread_counter--; return 0;

Are you really sure that this should be applied to the package? It looks, well, uhm, interesting to me?

> CVE-2008-4867[2]:
> | Buffer overflow in libavcodec/dca.c in FFmpeg 0.4.9 before r14917, as
> | used by MPlayer, allows context-dependent attackers to have an unknown
> | impact via vectors related to an incorrect DCA_MAX_FRAME_SIZE value.

That is already reported as #496612, unfixed in lenny. Please read that bug backlog and attach a patch there.

> CVE-2008-4866[3]:
> | Multiple buffer overflows in libavformat/utils.c in FFmpeg 0.4.9
> | before r14715, as used by MPlayer, allow context-dependent attackers
> | to have an unknown impact via vectors related to execution of DTS
> | generation code with a delay greater than MAX_REORDER_DELAY.

committed in the pkg-multimedia svn branch. still untested, and the patch did not apply cleanly. another set of eyes if that still makes sense very appreciated.

-- 
Gruesse/greetings,
Reinhard Tartler, KeyID 945348A4
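
Review bot: in the libavcodec/utils.c hunk (r14787), dropping `av_freep(&avctx->rc_eq);` from avcodec_close leaves nothing visible here that releases rc_eq, so before this goes into the package, check who owns that pointer in the packaged snapshot. If the library ever allocates rc_eq itself, the removal trades the bad free for a leak and the allocation site needs a matching free. If the field only ever holds a caller-supplied or static string, the removal is right, and a one-line comment in avcodec_close stating that rc_eq is not owned by the codec context would make the intent clear. The hunk carries no explanation of why the free was wrong, so that reasoning is worth recording in the changelog entry when the patch is imported.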