Your message dated Sun, 13 Jan 2013 15:33:10 +0000
with message-id <e1tupyc-0003gt...@franck.debian.org>
and subject line Bug#694483: fixed in libav 6:0.8.5-1
has caused the Debian Bug report #694483,
regarding CVEs: CVE-2012-2882 CVE-2012-5359 CVE-2012-5360 CVE-2012-5361
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
694483: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=694483
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: libav
Version: 0.8.4
Severity: grave
Tags: security
Justification: user security hole
Dear Maintainer,
I have here another series of CVEs for ffmpeg/libav:
CVE-2012-2882
CVE-2012-5359
CVE-2012-5360
CVE-2012-5361
For the last 3 http://technet.microsoft.com/en-us/security/msvr/msvr12-017
claims that they are fixed in ffmpeg 0.11, but the available information on
all of them is a bit thin.
Thanks for all the good work!
AW
-- System Information:
Debian Release: wheezy/sid
APT prefers testing
APT policy: (500, 'testing'), (500, 'stable'), (50, 'unstable'), (40,
'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.2.29 (SMP w/2 CPU cores; PREEMPT)
Locale: LANG=C, LC_CTYPE=de_DE (charmap=ISO-8859-1)
Shell: /bin/sh linked to /bin/dash
--- End Message ---
--- Begin Message ---
Source: libav
Source-Version: 6:0.8.5-1
We believe that the bug you reported is fixed in the latest version of
libav, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 694...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Reinhard Tartler <siret...@tauware.de> (supplier of updated libav package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Sun, 13 Jan 2013 11:56:59 +0100
Source: libav
Binary: libav-tools ffmpeg ffmpeg-dbg libav-dbg libav-extra-dbg ffmpeg-doc
libav-doc libavutil51 libavcodec53 libavdevice53 libavformat53 libavfilter2
libpostproc52 libswscale2 libavutil-dev libavcodec-dev libavdevice-dev
libavformat-dev libavfilter-dev libpostproc-dev libswscale-dev
libavutil-extra-51 libavcodec-extra-53 libavdevice-extra-53 libavfilter-extra-2
libpostproc-extra-52 libavformat-extra-53 libswscale-extra-2
Architecture: source amd64 all
Version: 6:0.8.5-1
Distribution: unstable
Urgency: low
Maintainer: Reinhard Tartler <siret...@debian.org>
Changed-By: Reinhard Tartler <siret...@tauware.de>
Description:
ffmpeg - Multimedia player, server, encoder and transcoder (transitional p
ffmpeg-dbg - Debug symbols for Libav related packages (transitional package)
ffmpeg-doc - Documentation of the Libav API (transitional package)
libav-dbg - Debug symbols for Libav related packages
libav-doc - Documentation of the Libav API
libav-extra-dbg - Debug symbols for Libav related packages (transitional
package)
libav-tools - Multimedia player, server, encoder and transcoder
libavcodec-dev - Development files for libavcodec
libavcodec-extra-53 - Libav codec library (additional codecs)
libavcodec53 - Libav codec library
libavdevice-dev - Development files for libavdevice
libavdevice-extra-53 - Libav device handling library (transitional package)
libavdevice53 - Libav device handling library
libavfilter-dev - Development files for libavfilter
libavfilter-extra-2 - Libav filter library (transitional package)
libavfilter2 - Libav video filtering library
libavformat-dev - Development files for libavformat
libavformat-extra-53 - Libav video postprocessing library (transitional
package)
libavformat53 - Libav file format library
libavutil-dev - Development files for libavutil
libavutil-extra-51 - Libav utility library (transitional package)
libavutil51 - Libav utility library
libpostproc-dev - Development files for libpostproc
libpostproc-extra-52 - Libav video postprocessing library (transitional
package)
libpostproc52 - Libav video postprocessing library
libswscale-dev - Development files for libswscale
libswscale-extra-2 - Libav video software scaling library (transitional
package)
libswscale2 - Libav video scaling library
Closes: 694483
Changes:
libav (6:0.8.5-1) unstable; urgency=low
.
* New upstream security/bugfix release. New releases fixes
(bug numbers reference http://bugzilla.libav.org, Closes: #694483)
- Indeo 4 (CVE-2012-2791)
- VP5/VP6 (CVE-2012-2783)
- Indeo 3 (CVE-2012-2804)
- MPEG-1/2 (CVE-2012-2803)
- MP3 (CVE-2012-2797)
- AAC (CVE-2012-5144)
- AC-3 (CVE-2012-2802)
- AVS (CVE-2012-2801)
- DFA (CVE-2012-2798)
- ID3v2 (Bug 395)
- Serious Memory leaks on broken Ogg files
* drop recordshow script. This clearly undermaintained script has
unclear copyright status and is unlikely to work properly anyways.
Checksums-Sha1:
02d01674933c9825566a4a72f274d0343bb05fa7 3680 libav_0.8.5-1.dsc
ab25c6446063e4a19eeab7c1c64b19790c099d5b 5287702 libav_0.8.5.orig.tar.gz
252fe38c1e991f0825f15e23c62e65e6d76fe577 41573 libav_0.8.5-1.debian.tar.gz
81312682ce2e724948609e8dd4ccda2c5b8c7378 363736 libav-tools_0.8.5-1_amd64.deb
1a56a5bc7b7932e38d175e25c1d65ddbde815675 137958 ffmpeg_0.8.5-1_amd64.deb
ffbb059515a2a37a7f4014ec6ace40900be0693f 43040 ffmpeg-dbg_0.8.5-1_all.deb
8c6f7914a1d62c975795588166ac2e9caebbc69d 21706086 libav-dbg_0.8.5-1_amd64.deb
2e646fd0cf98918c06e56e35d53580ff27f12d5a 43034 libav-extra-dbg_0.8.5-1_all.deb
d52cbd18b0ba9f8c2b233eb0e4bad774814f6ace 43102 ffmpeg-doc_0.8.5-1_all.deb
9061f56f3811c4686f9109b1e91aa64916c4f65a 12444332 libav-doc_0.8.5-1_all.deb
56dfa14e3ae4ea36b3af3d44f96f334d25c79405 92428 libavutil51_0.8.5-1_amd64.deb
28c7164edad7f284077cd33718125b2caffe3914 2502832 libavcodec53_0.8.5-1_amd64.deb
399dcbc96b781c9a99c129cfeee75ac36c4dab30 68180 libavdevice53_0.8.5-1_amd64.deb
8cb216e4f5bab8adbea6ef5d761b0afcf620da6e 463710 libavformat53_0.8.5-1_amd64.deb
a4a57be05a8b5063085e4e724bd8288f4f2f5677 114538 libavfilter2_0.8.5-1_amd64.deb
1c76e7bcc6adf9573eba6147e453b59e5c705b5e 88558 libpostproc52_0.8.5-1_amd64.deb
812a4bd4f022cc8c486ce9d3916c2a85890a79d2 120416 libswscale2_0.8.5-1_amd64.deb
a19ba3776e182b1e09a8d263f557ba1ac343ef70 132508 libavutil-dev_0.8.5-1_amd64.deb
7463a1bcfeca6ee5612569c5e5efb180bdcec3e9 2747356
libavcodec-dev_0.8.5-1_amd64.deb
33113e79daef3da3518797f86e0a5925b85f0315 70058
libavdevice-dev_0.8.5-1_amd64.deb
2406dbdc574cf3ff961233bd2666098561ef9902 549968
libavformat-dev_0.8.5-1_amd64.deb
5e3d1780b899b2655be1d0316ce3f7fc2e211069 133894
libavfilter-dev_0.8.5-1_amd64.deb
f6f7f8a63f5b0b37d453c3222b50b53dde88042b 88696
libpostproc-dev_0.8.5-1_amd64.deb
aea9a466bb468a8a1b1746f3f53ec1a732d4e1e9 130846
libswscale-dev_0.8.5-1_amd64.deb
a5a4bfdf8bbb005f4625730e83b8ffcb5ac1b8b8 43068
libavutil-extra-51_0.8.5-1_all.deb
ea19763d54bcea6ac69db54e97036ca83db0ce0c 2505964
libavcodec-extra-53_0.8.5-1_amd64.deb
39d9910e5ccc74d955119d952c83d617d9c1a95f 43072
libavdevice-extra-53_0.8.5-1_all.deb
221ed783b3e05d8353f24750d23416ae777eb1fb 43070
libavfilter-extra-2_0.8.5-1_all.deb
0bb53051479cefd9737a6119b4ed8a0bb3efe365 43080
libpostproc-extra-52_0.8.5-1_all.deb
7c4f559e3d66104f7480de4da33215aa58f49438 43072
libavformat-extra-53_0.8.5-1_all.deb
97575677fa5b014a653ed61e9c71599ad77511ad 43062
libswscale-extra-2_0.8.5-1_all.deb
Checksums-Sha256:
57466257fd9a39b9cc61995558aaf0d6a80f4f073ebf2a5e86857699828df486 3680
libav_0.8.5-1.dsc
3a1bb6d484fe0b6989befce1b49da6e1cac98c2828bd7b352f782909685e1a77 5287702
libav_0.8.5.orig.tar.gz
98ce86c3ae0bf574b6874f1623aa4343da446ef471ecb0674b8a0d50d3dfd255 41573
libav_0.8.5-1.debian.tar.gz
aad554227daecbbf8d782a6d68a3997347fbc824bd20bab57579d9202b894d52 363736
libav-tools_0.8.5-1_amd64.deb
16c12231989d2cf15dd960a4ddef622f8c27018b9c3e2b3532f7fc8a7f042b26 137958
ffmpeg_0.8.5-1_amd64.deb
cf2e0a0f3f4d0f3220ab084f951f15f956ed29dc89bb60b94b02f754eb61be14 43040
ffmpeg-dbg_0.8.5-1_all.deb
88bcb97fde0b08e2fb16617b810e72e85a79f35353f8194d705d989ce357721b 21706086
libav-dbg_0.8.5-1_amd64.deb
d86fc49d15ac2cdb0c318095c5b41f6be439c7bb041041ddcaee1aaf025ea813 43034
libav-extra-dbg_0.8.5-1_all.deb
2aa93d48bffb3ffd8c81887788731ab679e951385cbcf4d7e79d7a2f11873c6d 43102
ffmpeg-doc_0.8.5-1_all.deb
fefecfbc0c048076a49dceb1fc29af9c5cb433ed84a8aafa98e8904d69a525d7 12444332
libav-doc_0.8.5-1_all.deb
ca0b2a1c5dff5f303fdca80a360272f548542a0f9ba55c27706d80200a971125 92428
libavutil51_0.8.5-1_amd64.deb
a55b4a938a5cfb67fbd3ec57e4065d0207e3a8bdc93b307edae7c06c6650bbb6 2502832
libavcodec53_0.8.5-1_amd64.deb
2735602fefac3a3a7ca52fec69c4848930b9040dfc15b40439d6d135c14cf08e 68180
libavdevice53_0.8.5-1_amd64.deb
9e86be209bdcf29ecc7cde941eb063d6aac20376e6f835cd844ad7c0a8de7d65 463710
libavformat53_0.8.5-1_amd64.deb
99d2cc03e1a1f8b163774c2ee801b1cc3fa2724a28ef05b0c222b02ddef11e5b 114538
libavfilter2_0.8.5-1_amd64.deb
1be517a5be43426bf2638b0f867762f9f798084079c6fb9d352b7635558ade78 88558
libpostproc52_0.8.5-1_amd64.deb
ae8c89f9f7fc207e97ad46d7a0aa5193c1d866219834816e43e94384697660ce 120416
libswscale2_0.8.5-1_amd64.deb
068d0a42787d9d8c3cc347a63cd015ba07c12dd6843891f16ff0624f4d200ec6 132508
libavutil-dev_0.8.5-1_amd64.deb
45b5484f8ab6162557caa6eb967288d8efbabb575abba800734e5edcfe1ff5dd 2747356
libavcodec-dev_0.8.5-1_amd64.deb
858ebd287462705cc5acca2cd2d96bf7dc7c3dd2b708ad25b5d3691b1eaab29d 70058
libavdevice-dev_0.8.5-1_amd64.deb
75d0e9434defb4bad9e29b79634198286e14a9b7ac4facbb264225666692d128 549968
libavformat-dev_0.8.5-1_amd64.deb
53c02830b3a241bb8ca08d1d5732a0562d7a7ce73a7602e3130c919ae6f7eeff 133894
libavfilter-dev_0.8.5-1_amd64.deb
dee9317ef414090f50253dbdaaeca9e014c5a54a6800dd4c531bc6c418eac4d5 88696
libpostproc-dev_0.8.5-1_amd64.deb
3a2f905866bafceb0225eae6618e15d14de95d33c1e118ee8fbcc47264b5e575 130846
libswscale-dev_0.8.5-1_amd64.deb
9dc30c8a6f1e74d3114563c3c29b905d5be8e5d8e125bc953b4c54803f5f6b47 43068
libavutil-extra-51_0.8.5-1_all.deb
d16eeae1c8cd3c0bf5df9eb20525df090adecefc55e4c81af8909ac76d8817e4 2505964
libavcodec-extra-53_0.8.5-1_amd64.deb
37b380ba50481cf1466364c9f9980a6f83aeaa3e424a4fc8bd32a31d5e3bb481 43072
libavdevice-extra-53_0.8.5-1_all.deb
66c26ae4518d8d9818033b08e6b50057bf84117cc610050fe8239fe4b0230f33 43070
libavfilter-extra-2_0.8.5-1_all.deb
6ba387f429b30f334049628eca6ec005074a5a67fdc41f0de26fd0e8b88ac26c 43080
libpostproc-extra-52_0.8.5-1_all.deb
b8819df0b23bba0b40449cef904a6df2d2aee68a9ed75e9ed9eff04f1cd9b7a2 43072
libavformat-extra-53_0.8.5-1_all.deb
afa49dc404fcbdaff562951ded15747e24acdeca9480e3638b8216c02c21486f 43062
libswscale-extra-2_0.8.5-1_all.deb
Files:
110501920c9412133bf1fddf6a59b5ab 3680 libs optional libav_0.8.5-1.dsc
69c0760e51f6c343a13715ea2e388f90 5287702 libs optional libav_0.8.5.orig.tar.gz
5ccf7065d28f29e8a804d38df082d521 41573 libs optional
libav_0.8.5-1.debian.tar.gz
4869bb083748b6b39118d9b3471a1d6e 363736 video optional
libav-tools_0.8.5-1_amd64.deb
2914f816bcb4dfce980fdccef6d99521 137958 oldlibs extra ffmpeg_0.8.5-1_amd64.deb
3b528d9ea77fb2066eee4518e13732af 43040 oldlibs extra ffmpeg-dbg_0.8.5-1_all.deb
1aa4ba0451f12c8811838fc7f698ccab 21706086 debug extra
libav-dbg_0.8.5-1_amd64.deb
108edfa9cd191dc13922c1727db7487e 43034 oldlibs extra
libav-extra-dbg_0.8.5-1_all.deb
f69ef21dbb722802704fde40b8829181 43102 oldlibs extra ffmpeg-doc_0.8.5-1_all.deb
27a472ecd5b168b982d4a8d595931d3a 12444332 doc optional
libav-doc_0.8.5-1_all.deb
7f2d0632349d576235948a47ea42d1e7 92428 libs optional
libavutil51_0.8.5-1_amd64.deb
b2ef0b9e80dfdd6c9b8a1fa450aa4efd 2502832 libs optional
libavcodec53_0.8.5-1_amd64.deb
69be0939267c4e773698e213a96587b3 68180 libs optional
libavdevice53_0.8.5-1_amd64.deb
3462f54071aa2bb0cc563e14336dfd91 463710 libs optional
libavformat53_0.8.5-1_amd64.deb
024272f4e4555e9dfe5084f962143bd9 114538 libs optional
libavfilter2_0.8.5-1_amd64.deb
28262fa41c25b6c4685253f5a9e320d4 88558 libs optional
libpostproc52_0.8.5-1_amd64.deb
d8a1265154267be408e5fc46366d027a 120416 libs optional
libswscale2_0.8.5-1_amd64.deb
d532ca2f420245d8366a813fcb4dc5e2 132508 libdevel optional
libavutil-dev_0.8.5-1_amd64.deb
248b03817ae428268bd2a2c10ce19c86 2747356 libdevel optional
libavcodec-dev_0.8.5-1_amd64.deb
300a9c63e5778cd211e3261308761002 70058 libdevel optional
libavdevice-dev_0.8.5-1_amd64.deb
251bde6a2442f67f348b06f4461525df 549968 libdevel optional
libavformat-dev_0.8.5-1_amd64.deb
fc0f6393302b71da3b21ba237ced0ad7 133894 libdevel optional
libavfilter-dev_0.8.5-1_amd64.deb
3dbf946f10bafc0d3a3a222d7a2a9092 88696 libdevel optional
libpostproc-dev_0.8.5-1_amd64.deb
1938a5517fe96e788dfe5119401211f3 130846 libdevel optional
libswscale-dev_0.8.5-1_amd64.deb
0a57dfe1063e59d37ecd515e58021a8b 43068 oldlibs extra
libavutil-extra-51_0.8.5-1_all.deb
fe3fb3a89585259c2a00d075fe439701 2505964 libs optional
libavcodec-extra-53_0.8.5-1_amd64.deb
2bbd88476c859aec46dc023160dcd9ec 43072 oldlibs extra
libavdevice-extra-53_0.8.5-1_all.deb
147ed94c0dc1956cca7fa4a7132975df 43070 oldlibs extra
libavfilter-extra-2_0.8.5-1_all.deb
ec0f2a6427170951d45c50ac573be8f1 43080 oldlibs extra
libpostproc-extra-52_0.8.5-1_all.deb
e968f2749006bc397b1ba4b8b3c706ed 43072 oldlibs extra
libavformat-extra-53_0.8.5-1_all.deb
0bffe36ac9c5201e0c9a75d3e7ccbb99 43062 oldlibs extra
libswscale-extra-2_0.8.5-1_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (GNU/Linux)
Comment: Debian Powered!
iEYEARECAAYFAlDyzz8ACgkQmAg1RJRTSKQ++wCdFvWAO+21kfOv+R56rkm0bSIt
ZXAAoICSjLBqE9XjdBHXMC4RoNcqZgps
=7RrI
-----END PGP SIGNATURE-----
--- End Message ---