Your message dated Sat, 21 Jan 2006 09:47:10 -0800
with message-id <[EMAIL PROTECTED]>
and subject line Bug#342207: fixed in ffmpeg 0.cvs20050918-6
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--------------------------------------
Received: (at submit) by bugs.debian.org; 6 Dec 2005 09:41:39 +0000
From: Moritz Muehlenhoff <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: ffmpeg: Exploitable heap overflow in libavcodec's image handling
Message-ID: <[EMAIL PROTECTED]>
X-Mailer: reportbug 3.18
Date: Tue, 06 Dec 2005 10:41:08 +0100
X-Debbugs-Cc: Debian Security Team <[EMAIL PROTECTED]>
Package: ffmpeg
Version: 0.cvs20050918-5
Severity: grave
Tags: security
Justification: user security hole
An exploitable heap overflow has been found in libavcodec's handling
of images with PIX_FMT_PAL8 pixel formats. Please see
http://article.gmane.org/gmane.comp.video.ffmpeg.devel/26558
for more information and a demo image.
Upstream's fix can be found at
http://mplayerhq.hu/pipermail/ffmpeg-cvslog/2005-December/000979.html
Cheers,
Moritz
-- System Information:
Debian Release: testing/unstable
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.14-2-686
Locale: LANG=C, [EMAIL PROTECTED] (charmap=ISO-8859-15)
Versions of packages ffmpeg depends on:
ii libc6 2.3.5-8.1 GNU C Library: Shared libraries an
ii libdc1394-13 1.1.0-2 high level programming interface f
ii libfreetype6 2.1.10-1 FreeType 2 font engine, shared lib
ii libgsm1 1.0.10-13 Shared libraries for GSM speech co
ii libimlib2 1.2.1-2 powerful image loading and renderi
ii libogg0 1.1.2-1 Ogg Bitstream Library
ii libraw1394-5 0.10.1-1.1 library for direct access to IEEE
ii libsdl1.2debian 1.2.9-0.0 Simple DirectMedia Layer
ii libtheora0 0.0.0.alpha4-1.1 The Theora Video Compression Codec
ii libvorbis0a 1.1.0-1 The Vorbis General Audio Compressi
ii libvorbisenc2 1.1.0-1 The Vorbis General Audio Compressi
ii libx11-6 6.8.2.dfsg.1-11 X Window System protocol client li
ii xlibs 6.8.2.dfsg.1-11 X Window System client libraries m
ii zlib1g 1:1.2.3-8 compression library - runtime
ffmpeg recommends no packages.
-- no debconf information
---------------------------------------
Received: (at 342207-close) by bugs.debian.org; 21 Jan 2006 17:50:57 +0000
From: Sam Hocevar (Debian packages) <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
X-Katie: $Revision: 1.65 $
Subject: Bug#342207: fixed in ffmpeg 0.cvs20050918-6
Message-Id: <[EMAIL PROTECTED]>
Sender: Archive Administrator <[EMAIL PROTECTED]>
Date: Sat, 21 Jan 2006 09:47:10 -0800
Source: ffmpeg
Source-Version: 0.cvs20050918-6
We believe that the bug you reported is fixed in the latest version of
ffmpeg, which is due to be installed in the Debian FTP archive:
ffmpeg_0.cvs20050918-6.diff.gz
  to pool/main/f/ffmpeg/ffmpeg_0.cvs20050918-6.diff.gz
ffmpeg_0.cvs20050918-6.dsc
  to pool/main/f/ffmpeg/ffmpeg_0.cvs20050918-6.dsc
ffmpeg_0.cvs20050918-6_i386.deb
  to pool/main/f/ffmpeg/ffmpeg_0.cvs20050918-6_i386.deb
libavcodec-dev_0.cvs20050918-6_i386.deb
  to pool/main/f/ffmpeg/libavcodec-dev_0.cvs20050918-6_i386.deb
libavformat-dev_0.cvs20050918-6_i386.deb
  to pool/main/f/ffmpeg/libavformat-dev_0.cvs20050918-6_i386.deb
libpostproc-dev_0.cvs20050918-6_i386.deb
  to pool/main/f/ffmpeg/libpostproc-dev_0.cvs20050918-6_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Sam Hocevar (Debian packages) <[EMAIL PROTECTED]> (supplier of updated ffmpeg
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Sat, 21 Jan 2006 16:51:26 +0100
Source: ffmpeg
Binary: libavformat-dev ffmpeg libavcodec-dev libpostproc-dev
Architecture: source i386
Version: 0.cvs20050918-6
Distribution: unstable
Urgency: low
Maintainer: Sam Hocevar (Debian packages) <[EMAIL PROTECTED]>
Changed-By: Sam Hocevar (Debian packages) <[EMAIL PROTECTED]>
Description:
ffmpeg - multimedia player, server and encoder
libavcodec-dev - development files for libavcodec
libavformat-dev - development files for libavformat
libpostproc-dev - development files for libpostproc
Closes: 337846 338895 342207
Changes:
 ffmpeg (0.cvs20050918-6) unstable; urgency=low
 .
   * Developer upload.
   * Acknowledge NMU. Thanks to Samuel Mimram (Closes: #342207).
   * configure:
     + Set RUNTIME_CPUDETECT (except on m68k where it ICEs and on x86 where it
       fails to build some asm constructs) (Closes: #337846).
   * debian/rules:
     + Make the build process aware of DEB_BUILD_OPTIONS, thanks to Timo
       Lindfors (Closes: #338895).
Files:
 c4a4fa61a29e7716fa2a6b0997487297 849 libs optional ffmpeg_0.cvs20050918-6.dsc
 d9b20def819d497a95480ca5a4268e03 13927 libs optional ffmpeg_0.cvs20050918-6.diff.gz
 5ae9a438fea578e25a59cce9b3b2e0b1 4199046 graphics optional ffmpeg_0.cvs20050918-6_i386.deb
 1a28db130123572fe2da025ef84e62f7 2540706 libdevel optional libavcodec-dev_0.cvs20050918-6_i386.deb
 0f5210e67630db9c1e7e5959cb73b761 46594 libdevel optional libpostproc-dev_0.cvs20050918-6_i386.deb
 7a94b2dce4ce9d0e53cdcbd42a297911 545206 libdevel optional libavformat-dev_0.cvs20050918-6_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
iD8DBQFD0m1NfPP1rylJn2ERAkl+AJ4p+bVBWcAX7Z3bxT/NXHx9n4Ov7wCcChm2
8GD8/2d0Cby2LPs1Wf6eubs=
=uDNU
-----END PGP SIGNATURE-----