Your message dated Sun, 13 Jan 2013 15:33:10 +0000 with message-id <e1tupyc-0003gt...@franck.debian.org> and subject line Bug#694483: fixed in libav 6:0.8.5-1 has caused the Debian Bug report #694483, regarding CVEs: CVE-2012-2882 CVE-2012-5359 CVE-2012-5360 CVE-2012-5361 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 694483: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=694483 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: libav Version: 0.8.4 Severity: grave Tags: security Justification: user security hole Dear Maintainer, I have here another series of CVEs for ffmpeg/libav: CVE-2012-2882 CVE-2012-5359 CVE-2012-5360 CVE-2012-5361 For the last 3 http://technet.microsoft.com/en-us/security/msvr/msvr12-017 claims that they are fixed in ffmpeg 0.11, but the available information on all of them is a bit thin. Thanks for all the good work! AW -- System Information: Debian Release: wheezy/sid APT prefers testing APT policy: (500, 'testing'), (500, 'stable'), (50, 'unstable'), (40, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.2.29 (SMP w/2 CPU cores; PREEMPT) Locale: LANG=C, LC_CTYPE=de_DE (charmap=ISO-8859-1) Shell: /bin/sh linked to /bin/dash
--- End Message ---
--- Begin Message ---Source: libav Source-Version: 6:0.8.5-1 We believe that the bug you reported is fixed in the latest version of libav, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 694...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Reinhard Tartler <siret...@tauware.de> (supplier of updated libav package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Sun, 13 Jan 2013 11:56:59 +0100 Source: libav Binary: libav-tools ffmpeg ffmpeg-dbg libav-dbg libav-extra-dbg ffmpeg-doc libav-doc libavutil51 libavcodec53 libavdevice53 libavformat53 libavfilter2 libpostproc52 libswscale2 libavutil-dev libavcodec-dev libavdevice-dev libavformat-dev libavfilter-dev libpostproc-dev libswscale-dev libavutil-extra-51 libavcodec-extra-53 libavdevice-extra-53 libavfilter-extra-2 libpostproc-extra-52 libavformat-extra-53 libswscale-extra-2 Architecture: source amd64 all Version: 6:0.8.5-1 Distribution: unstable Urgency: low Maintainer: Reinhard Tartler <siret...@debian.org> Changed-By: Reinhard Tartler <siret...@tauware.de> Description: ffmpeg - Multimedia player, server, encoder and transcoder (transitional p ffmpeg-dbg - Debug symbols for Libav related packages (transitional package) ffmpeg-doc - Documentation of the Libav API (transitional package) libav-dbg - Debug symbols for Libav related packages libav-doc - Documentation of the Libav API libav-extra-dbg - Debug symbols for Libav related packages (transitional package) libav-tools - Multimedia player, server, encoder and transcoder libavcodec-dev - Development files for libavcodec libavcodec-extra-53 - Libav codec library (additional codecs) libavcodec53 - Libav codec library libavdevice-dev - Development files for libavdevice libavdevice-extra-53 - Libav device handling library (transitional package) libavdevice53 - Libav device handling library libavfilter-dev - Development files for libavfilter libavfilter-extra-2 - Libav filter library (transitional package) libavfilter2 - Libav video filtering library libavformat-dev - Development files for libavformat libavformat-extra-53 - Libav video postprocessing library (transitional package) libavformat53 - Libav file format library libavutil-dev - Development files for libavutil libavutil-extra-51 - Libav utility library (transitional package) libavutil51 - Libav utility library libpostproc-dev - Development files for libpostproc libpostproc-extra-52 - Libav video postprocessing library (transitional package) libpostproc52 - Libav video postprocessing library libswscale-dev - Development files for libswscale libswscale-extra-2 - Libav video software scaling library (transitional package) libswscale2 - Libav video scaling library Closes: 694483 Changes: libav (6:0.8.5-1) unstable; urgency=low . * New upstream security/bugfix release. New releases fixes (bug numbers reference http://bugzilla.libav.org, Closes: #694483) - Indeo 4 (CVE-2012-2791) - VP5/VP6 (CVE-2012-2783) - Indeo 3 (CVE-2012-2804) - MPEG-1/2 (CVE-2012-2803) - MP3 (CVE-2012-2797) - AAC (CVE-2012-5144) - AC-3 (CVE-2012-2802) - AVS (CVE-2012-2801) - DFA (CVE-2012-2798) - ID3v2 (Bug 395) - Serious Memory leaks on broken Ogg files * drop recordshow script. This clearly undermaintained script has unclear copyright status and is unlikely to work properly anyways. Checksums-Sha1: 02d01674933c9825566a4a72f274d0343bb05fa7 3680 libav_0.8.5-1.dsc ab25c6446063e4a19eeab7c1c64b19790c099d5b 5287702 libav_0.8.5.orig.tar.gz 252fe38c1e991f0825f15e23c62e65e6d76fe577 41573 libav_0.8.5-1.debian.tar.gz 81312682ce2e724948609e8dd4ccda2c5b8c7378 363736 libav-tools_0.8.5-1_amd64.deb 1a56a5bc7b7932e38d175e25c1d65ddbde815675 137958 ffmpeg_0.8.5-1_amd64.deb ffbb059515a2a37a7f4014ec6ace40900be0693f 43040 ffmpeg-dbg_0.8.5-1_all.deb 8c6f7914a1d62c975795588166ac2e9caebbc69d 21706086 libav-dbg_0.8.5-1_amd64.deb 2e646fd0cf98918c06e56e35d53580ff27f12d5a 43034 libav-extra-dbg_0.8.5-1_all.deb d52cbd18b0ba9f8c2b233eb0e4bad774814f6ace 43102 ffmpeg-doc_0.8.5-1_all.deb 9061f56f3811c4686f9109b1e91aa64916c4f65a 12444332 libav-doc_0.8.5-1_all.deb 56dfa14e3ae4ea36b3af3d44f96f334d25c79405 92428 libavutil51_0.8.5-1_amd64.deb 28c7164edad7f284077cd33718125b2caffe3914 2502832 libavcodec53_0.8.5-1_amd64.deb 399dcbc96b781c9a99c129cfeee75ac36c4dab30 68180 libavdevice53_0.8.5-1_amd64.deb 8cb216e4f5bab8adbea6ef5d761b0afcf620da6e 463710 libavformat53_0.8.5-1_amd64.deb a4a57be05a8b5063085e4e724bd8288f4f2f5677 114538 libavfilter2_0.8.5-1_amd64.deb 1c76e7bcc6adf9573eba6147e453b59e5c705b5e 88558 libpostproc52_0.8.5-1_amd64.deb 812a4bd4f022cc8c486ce9d3916c2a85890a79d2 120416 libswscale2_0.8.5-1_amd64.deb a19ba3776e182b1e09a8d263f557ba1ac343ef70 132508 libavutil-dev_0.8.5-1_amd64.deb 7463a1bcfeca6ee5612569c5e5efb180bdcec3e9 2747356 libavcodec-dev_0.8.5-1_amd64.deb 33113e79daef3da3518797f86e0a5925b85f0315 70058 libavdevice-dev_0.8.5-1_amd64.deb 2406dbdc574cf3ff961233bd2666098561ef9902 549968 libavformat-dev_0.8.5-1_amd64.deb 5e3d1780b899b2655be1d0316ce3f7fc2e211069 133894 libavfilter-dev_0.8.5-1_amd64.deb f6f7f8a63f5b0b37d453c3222b50b53dde88042b 88696 libpostproc-dev_0.8.5-1_amd64.deb aea9a466bb468a8a1b1746f3f53ec1a732d4e1e9 130846 libswscale-dev_0.8.5-1_amd64.deb a5a4bfdf8bbb005f4625730e83b8ffcb5ac1b8b8 43068 libavutil-extra-51_0.8.5-1_all.deb ea19763d54bcea6ac69db54e97036ca83db0ce0c 2505964 libavcodec-extra-53_0.8.5-1_amd64.deb 39d9910e5ccc74d955119d952c83d617d9c1a95f 43072 libavdevice-extra-53_0.8.5-1_all.deb 221ed783b3e05d8353f24750d23416ae777eb1fb 43070 libavfilter-extra-2_0.8.5-1_all.deb 0bb53051479cefd9737a6119b4ed8a0bb3efe365 43080 libpostproc-extra-52_0.8.5-1_all.deb 7c4f559e3d66104f7480de4da33215aa58f49438 43072 libavformat-extra-53_0.8.5-1_all.deb 97575677fa5b014a653ed61e9c71599ad77511ad 43062 libswscale-extra-2_0.8.5-1_all.deb Checksums-Sha256: 57466257fd9a39b9cc61995558aaf0d6a80f4f073ebf2a5e86857699828df486 3680 libav_0.8.5-1.dsc 3a1bb6d484fe0b6989befce1b49da6e1cac98c2828bd7b352f782909685e1a77 5287702 libav_0.8.5.orig.tar.gz 98ce86c3ae0bf574b6874f1623aa4343da446ef471ecb0674b8a0d50d3dfd255 41573 libav_0.8.5-1.debian.tar.gz aad554227daecbbf8d782a6d68a3997347fbc824bd20bab57579d9202b894d52 363736 libav-tools_0.8.5-1_amd64.deb 16c12231989d2cf15dd960a4ddef622f8c27018b9c3e2b3532f7fc8a7f042b26 137958 ffmpeg_0.8.5-1_amd64.deb cf2e0a0f3f4d0f3220ab084f951f15f956ed29dc89bb60b94b02f754eb61be14 43040 ffmpeg-dbg_0.8.5-1_all.deb 88bcb97fde0b08e2fb16617b810e72e85a79f35353f8194d705d989ce357721b 21706086 libav-dbg_0.8.5-1_amd64.deb d86fc49d15ac2cdb0c318095c5b41f6be439c7bb041041ddcaee1aaf025ea813 43034 libav-extra-dbg_0.8.5-1_all.deb 2aa93d48bffb3ffd8c81887788731ab679e951385cbcf4d7e79d7a2f11873c6d 43102 ffmpeg-doc_0.8.5-1_all.deb fefecfbc0c048076a49dceb1fc29af9c5cb433ed84a8aafa98e8904d69a525d7 12444332 libav-doc_0.8.5-1_all.deb ca0b2a1c5dff5f303fdca80a360272f548542a0f9ba55c27706d80200a971125 92428 libavutil51_0.8.5-1_amd64.deb a55b4a938a5cfb67fbd3ec57e4065d0207e3a8bdc93b307edae7c06c6650bbb6 2502832 libavcodec53_0.8.5-1_amd64.deb 2735602fefac3a3a7ca52fec69c4848930b9040dfc15b40439d6d135c14cf08e 68180 libavdevice53_0.8.5-1_amd64.deb 9e86be209bdcf29ecc7cde941eb063d6aac20376e6f835cd844ad7c0a8de7d65 463710 libavformat53_0.8.5-1_amd64.deb 99d2cc03e1a1f8b163774c2ee801b1cc3fa2724a28ef05b0c222b02ddef11e5b 114538 libavfilter2_0.8.5-1_amd64.deb 1be517a5be43426bf2638b0f867762f9f798084079c6fb9d352b7635558ade78 88558 libpostproc52_0.8.5-1_amd64.deb ae8c89f9f7fc207e97ad46d7a0aa5193c1d866219834816e43e94384697660ce 120416 libswscale2_0.8.5-1_amd64.deb 068d0a42787d9d8c3cc347a63cd015ba07c12dd6843891f16ff0624f4d200ec6 132508 libavutil-dev_0.8.5-1_amd64.deb 45b5484f8ab6162557caa6eb967288d8efbabb575abba800734e5edcfe1ff5dd 2747356 libavcodec-dev_0.8.5-1_amd64.deb 858ebd287462705cc5acca2cd2d96bf7dc7c3dd2b708ad25b5d3691b1eaab29d 70058 libavdevice-dev_0.8.5-1_amd64.deb 75d0e9434defb4bad9e29b79634198286e14a9b7ac4facbb264225666692d128 549968 libavformat-dev_0.8.5-1_amd64.deb 53c02830b3a241bb8ca08d1d5732a0562d7a7ce73a7602e3130c919ae6f7eeff 133894 libavfilter-dev_0.8.5-1_amd64.deb dee9317ef414090f50253dbdaaeca9e014c5a54a6800dd4c531bc6c418eac4d5 88696 libpostproc-dev_0.8.5-1_amd64.deb 3a2f905866bafceb0225eae6618e15d14de95d33c1e118ee8fbcc47264b5e575 130846 libswscale-dev_0.8.5-1_amd64.deb 9dc30c8a6f1e74d3114563c3c29b905d5be8e5d8e125bc953b4c54803f5f6b47 43068 libavutil-extra-51_0.8.5-1_all.deb d16eeae1c8cd3c0bf5df9eb20525df090adecefc55e4c81af8909ac76d8817e4 2505964 libavcodec-extra-53_0.8.5-1_amd64.deb 37b380ba50481cf1466364c9f9980a6f83aeaa3e424a4fc8bd32a31d5e3bb481 43072 libavdevice-extra-53_0.8.5-1_all.deb 66c26ae4518d8d9818033b08e6b50057bf84117cc610050fe8239fe4b0230f33 43070 libavfilter-extra-2_0.8.5-1_all.deb 6ba387f429b30f334049628eca6ec005074a5a67fdc41f0de26fd0e8b88ac26c 43080 libpostproc-extra-52_0.8.5-1_all.deb b8819df0b23bba0b40449cef904a6df2d2aee68a9ed75e9ed9eff04f1cd9b7a2 43072 libavformat-extra-53_0.8.5-1_all.deb afa49dc404fcbdaff562951ded15747e24acdeca9480e3638b8216c02c21486f 43062 libswscale-extra-2_0.8.5-1_all.deb Files: 110501920c9412133bf1fddf6a59b5ab 3680 libs optional libav_0.8.5-1.dsc 69c0760e51f6c343a13715ea2e388f90 5287702 libs optional libav_0.8.5.orig.tar.gz 5ccf7065d28f29e8a804d38df082d521 41573 libs optional libav_0.8.5-1.debian.tar.gz 4869bb083748b6b39118d9b3471a1d6e 363736 video optional libav-tools_0.8.5-1_amd64.deb 2914f816bcb4dfce980fdccef6d99521 137958 oldlibs extra ffmpeg_0.8.5-1_amd64.deb 3b528d9ea77fb2066eee4518e13732af 43040 oldlibs extra ffmpeg-dbg_0.8.5-1_all.deb 1aa4ba0451f12c8811838fc7f698ccab 21706086 debug extra libav-dbg_0.8.5-1_amd64.deb 108edfa9cd191dc13922c1727db7487e 43034 oldlibs extra libav-extra-dbg_0.8.5-1_all.deb f69ef21dbb722802704fde40b8829181 43102 oldlibs extra ffmpeg-doc_0.8.5-1_all.deb 27a472ecd5b168b982d4a8d595931d3a 12444332 doc optional libav-doc_0.8.5-1_all.deb 7f2d0632349d576235948a47ea42d1e7 92428 libs optional libavutil51_0.8.5-1_amd64.deb b2ef0b9e80dfdd6c9b8a1fa450aa4efd 2502832 libs optional libavcodec53_0.8.5-1_amd64.deb 69be0939267c4e773698e213a96587b3 68180 libs optional libavdevice53_0.8.5-1_amd64.deb 3462f54071aa2bb0cc563e14336dfd91 463710 libs optional libavformat53_0.8.5-1_amd64.deb 024272f4e4555e9dfe5084f962143bd9 114538 libs optional libavfilter2_0.8.5-1_amd64.deb 28262fa41c25b6c4685253f5a9e320d4 88558 libs optional libpostproc52_0.8.5-1_amd64.deb d8a1265154267be408e5fc46366d027a 120416 libs optional libswscale2_0.8.5-1_amd64.deb d532ca2f420245d8366a813fcb4dc5e2 132508 libdevel optional libavutil-dev_0.8.5-1_amd64.deb 248b03817ae428268bd2a2c10ce19c86 2747356 libdevel optional libavcodec-dev_0.8.5-1_amd64.deb 300a9c63e5778cd211e3261308761002 70058 libdevel optional libavdevice-dev_0.8.5-1_amd64.deb 251bde6a2442f67f348b06f4461525df 549968 libdevel optional libavformat-dev_0.8.5-1_amd64.deb fc0f6393302b71da3b21ba237ced0ad7 133894 libdevel optional libavfilter-dev_0.8.5-1_amd64.deb 3dbf946f10bafc0d3a3a222d7a2a9092 88696 libdevel optional libpostproc-dev_0.8.5-1_amd64.deb 1938a5517fe96e788dfe5119401211f3 130846 libdevel optional libswscale-dev_0.8.5-1_amd64.deb 0a57dfe1063e59d37ecd515e58021a8b 43068 oldlibs extra libavutil-extra-51_0.8.5-1_all.deb fe3fb3a89585259c2a00d075fe439701 2505964 libs optional libavcodec-extra-53_0.8.5-1_amd64.deb 2bbd88476c859aec46dc023160dcd9ec 43072 oldlibs extra libavdevice-extra-53_0.8.5-1_all.deb 147ed94c0dc1956cca7fa4a7132975df 43070 oldlibs extra libavfilter-extra-2_0.8.5-1_all.deb ec0f2a6427170951d45c50ac573be8f1 43080 oldlibs extra libpostproc-extra-52_0.8.5-1_all.deb e968f2749006bc397b1ba4b8b3c706ed 43072 oldlibs extra libavformat-extra-53_0.8.5-1_all.deb 0bffe36ac9c5201e0c9a75d3e7ccbb99 43062 oldlibs extra libswscale-extra-2_0.8.5-1_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.17 (GNU/Linux) Comment: Debian Powered! iEYEARECAAYFAlDyzz8ACgkQmAg1RJRTSKQ++wCdFvWAO+21kfOv+R56rkm0bSIt ZXAAoICSjLBqE9XjdBHXMC4RoNcqZgps =7RrI -----END PGP SIGNATURE-----
--- End Message ---
