Your message dated Fri, 05 Mar 2010 22:03:35 +0000
with message-id <e1nnfcn-0004az...@ries.debian.org>
and subject line Bug#570713: fixed in ffmpeg 4:0.5.1-1
has caused the Debian Bug report #570713,
regarding ffmpeg: remaining vulnerabilities from bug #550442
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
570713: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=570713
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
package: ffmpeg
version: 0.svn20080206-18
severity: serious
tags: security

hi, i have just tested the latest ffmpeg update against the original
proof of concepts [0] reported in bug #550442 [1].  many of them are
still effective.  there is some good news though; i've found that
upstream has addressed all of the problems in their latest svn version.
attached are my findings.

reference [2] may be useful to track down the other needed patches; or
it may be easier to just upgrade to a new svn (however, the patches
still need to be determined for stable).

mike

[0] http://roundup.ffmpeg.org/roundup/ffmpeg/issue1240
[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=550442
[2] http://thread.gmane.org/gmane.comp.video.ffmpeg.devel/97154

Attachment: ffmpeg
Description: Binary data


--- End Message ---
--- Begin Message ---
Source: ffmpeg
Source-Version: 4:0.5.1-1

We believe that the bug you reported is fixed in the latest version of
ffmpeg, which is due to be installed in the Debian FTP archive:

ffmpeg-dbg_0.5.1-1_amd64.deb
  to main/f/ffmpeg/ffmpeg-dbg_0.5.1-1_amd64.deb
ffmpeg-doc_0.5.1-1_all.deb
  to main/f/ffmpeg/ffmpeg-doc_0.5.1-1_all.deb
ffmpeg_0.5.1-1.diff.gz
  to main/f/ffmpeg/ffmpeg_0.5.1-1.diff.gz
ffmpeg_0.5.1-1.dsc
  to main/f/ffmpeg/ffmpeg_0.5.1-1.dsc
ffmpeg_0.5.1-1_amd64.deb
  to main/f/ffmpeg/ffmpeg_0.5.1-1_amd64.deb
ffmpeg_0.5.1.orig.tar.gz
  to main/f/ffmpeg/ffmpeg_0.5.1.orig.tar.gz
libavcodec-dev_0.5.1-1_amd64.deb
  to main/f/ffmpeg/libavcodec-dev_0.5.1-1_amd64.deb
libavcodec52_0.5.1-1_amd64.deb
  to main/f/ffmpeg/libavcodec52_0.5.1-1_amd64.deb
libavdevice-dev_0.5.1-1_amd64.deb
  to main/f/ffmpeg/libavdevice-dev_0.5.1-1_amd64.deb
libavdevice52_0.5.1-1_amd64.deb
  to main/f/ffmpeg/libavdevice52_0.5.1-1_amd64.deb
libavfilter-dev_0.5.1-1_amd64.deb
  to main/f/ffmpeg/libavfilter-dev_0.5.1-1_amd64.deb
libavfilter0_0.5.1-1_amd64.deb
  to main/f/ffmpeg/libavfilter0_0.5.1-1_amd64.deb
libavformat-dev_0.5.1-1_amd64.deb
  to main/f/ffmpeg/libavformat-dev_0.5.1-1_amd64.deb
libavformat52_0.5.1-1_amd64.deb
  to main/f/ffmpeg/libavformat52_0.5.1-1_amd64.deb
libavutil-dev_0.5.1-1_amd64.deb
  to main/f/ffmpeg/libavutil-dev_0.5.1-1_amd64.deb
libavutil49_0.5.1-1_amd64.deb
  to main/f/ffmpeg/libavutil49_0.5.1-1_amd64.deb
libpostproc-dev_0.5.1-1_amd64.deb
  to main/f/ffmpeg/libpostproc-dev_0.5.1-1_amd64.deb
libpostproc51_0.5.1-1_amd64.deb
  to main/f/ffmpeg/libpostproc51_0.5.1-1_amd64.deb
libswscale-dev_0.5.1-1_amd64.deb
  to main/f/ffmpeg/libswscale-dev_0.5.1-1_amd64.deb
libswscale0_0.5.1-1_amd64.deb
  to main/f/ffmpeg/libswscale0_0.5.1-1_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 570...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Reinhard Tartler <siret...@tauware.de> (supplier of updated ffmpeg package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Wed, 03 Mar 2010 22:28:24 +0100
Source: ffmpeg
Binary: ffmpeg ffmpeg-dbg ffmpeg-doc libavutil49 libavcodec52 libavdevice52 
libavformat52 libavfilter0 libpostproc51 libswscale0 libavutil-dev 
libavcodec-dev libavdevice-dev libavformat-dev libavfilter-dev libpostproc-dev 
libswscale-dev
Architecture: source amd64 all
Version: 4:0.5.1-1
Distribution: unstable
Urgency: low
Maintainer: Debian multimedia packages maintainers 
<pkg-multimedia-maintainers@lists.alioth.debian.org>
Changed-By: Reinhard Tartler <siret...@tauware.de>
Description: 
 ffmpeg     - multimedia player, server and encoder
 ffmpeg-dbg - Debug symbols for ffmpeg related packages
 ffmpeg-doc - documentation of the ffmpeg API
 libavcodec-dev - development files for libavcodec
 libavcodec52 - ffmpeg codec library
 libavdevice-dev - development files for libavdevice
 libavdevice52 - ffmpeg device handling library
 libavfilter-dev - development files for libavfilter
 libavfilter0 - ffmpeg video filtering library
 libavformat-dev - development files for libavformat
 libavformat52 - ffmpeg file format library
 libavutil-dev - development files for libavutil
 libavutil49 - ffmpeg utility library
 libpostproc-dev - development files for libpostproc
 libpostproc51 - ffmpeg video postprocessing library
 libswscale-dev - development files for libswscale
 libswscale0 - ffmpeg video scaling library
Closes: 570050 570713
Changes: 
 ffmpeg (4:0.5.1-1) unstable; urgency=low
 .
   * new upstream release:
     - clarifies documentation on metadata, Closes: #570050, LP: #501729
     - further security backports, Closes: #570713
   * adapt to new versioning scheme
   * use '<<' instead of '<' relationship for internal shlib file
   * merge changes from ubuntu packaging
   * drop wmapro backport again as discussed with upstream. The unrelated
     changes seem too risky for a stable release.
Checksums-Sha1: 
 49e3491ed51a03134da89c5bdc59ff2ea934f8c6 2345 ffmpeg_0.5.1-1.dsc
 90ab061b1fa7f44cb5378d52885550a61634dda3 3329034 ffmpeg_0.5.1.orig.tar.gz
 1aee776fb1b8eb36e58e87cf032869ec16f3b440 59622 ffmpeg_0.5.1-1.diff.gz
 7612f300cc6f1fe692f37283c419a79627cb23c0 236976 ffmpeg_0.5.1-1_amd64.deb
 f1d403ce60cbf87313a397d21545c471052aebe2 5120430 ffmpeg-dbg_0.5.1-1_amd64.deb
 8197dbe425b3c0da47bca6b90f24f00637718f6d 14003938 ffmpeg-doc_0.5.1-1_all.deb
 3a99562d14c79cf413d83f2ea0887b397968628e 63404 libavutil49_0.5.1-1_amd64.deb
 c7132b05f9555b4d80181e8aafcce8094e5e7fb9 2191018 libavcodec52_0.5.1-1_amd64.deb
 96094f10e9aaddd632f646b7b0248c2ed4e02e1f 56916 libavdevice52_0.5.1-1_amd64.deb
 6b26bf2e673d655ff7f0a9525b5964f0a39839b7 363160 libavformat52_0.5.1-1_amd64.deb
 0bdc7e27032d19df7a027281ab3562c642dbdd9f 46400 libavfilter0_0.5.1-1_amd64.deb
 8cac7442c1806b17c2111eea315f06006eff0b39 122288 libpostproc51_0.5.1-1_amd64.deb
 f9e8938f089aabfba20b78377e4852f7389263a1 172004 libswscale0_0.5.1-1_amd64.deb
 deea7ae235215698f30c0ada3af98d88e9ddca80 80550 libavutil-dev_0.5.1-1_amd64.deb
 1328c956c34bab6cf3d769b2a483f65e89cbd553 2476610 
libavcodec-dev_0.5.1-1_amd64.deb
 a3448e684a4ad0dd675b3bac05d8ae1ac9ab457a 58362 
libavdevice-dev_0.5.1-1_amd64.deb
 52097026795e31c7e30383c6cc2cda3845b966dd 466148 
libavformat-dev_0.5.1-1_amd64.deb
 d1d68644380bed1565274f0f06e6b4e681a031b6 53908 
libavfilter-dev_0.5.1-1_amd64.deb
 18d8af460d7b14c29caedd0980c8f737719108db 123110 
libpostproc-dev_0.5.1-1_amd64.deb
 3282ce2b4f22c9b14abc396b5af73c7134874ce5 180984 
libswscale-dev_0.5.1-1_amd64.deb
Checksums-Sha256: 
 c47b764580907f2b092b9d8204e1f7f1164f7dd127935f0d35d887ddc384abbd 2345 
ffmpeg_0.5.1-1.dsc
 da55f020d041e02e34e04c6bbba2d65f2d97220d3f977be654fee55f2e74cc83 3329034 
ffmpeg_0.5.1.orig.tar.gz
 2a09596eb53718ec7fc47b662f9dd2952534b311114fa387acec94005cd7eb3c 59622 
ffmpeg_0.5.1-1.diff.gz
 3b7fbe244db6a762539ac97c7152ce537f4bb1de9033c2f7ccc492616fff3324 236976 
ffmpeg_0.5.1-1_amd64.deb
 5e8d1ea2ffe571493a85d78fef4107026d794cb1ced2204e0f09cc2a08e8ad76 5120430 
ffmpeg-dbg_0.5.1-1_amd64.deb
 c2bf9802b6b8007e6f022441ef63da0fb4922b4611b518d8fa3b6133ad2568fe 14003938 
ffmpeg-doc_0.5.1-1_all.deb
 6e4752aafb53b87f042c9da63d24ca09da75fcb74b9da694970f173d16b5c342 63404 
libavutil49_0.5.1-1_amd64.deb
 70b26a4e8715a7b5a995d9b7b3e165db58ff14828fc5826a5e60ecc17cefad2a 2191018 
libavcodec52_0.5.1-1_amd64.deb
 2158f79f92078a4daf5c8726703e100616c197298836e87bf39f03633fe66831 56916 
libavdevice52_0.5.1-1_amd64.deb
 51198bfa43f2e5f2068740e374d9b7a102fd1eafb2e2f257baee79c2b7dddbaf 363160 
libavformat52_0.5.1-1_amd64.deb
 ad20a283b2db8de2197d1c15c6cebfe31c2db72360a183f3efad319823e09935 46400 
libavfilter0_0.5.1-1_amd64.deb
 8a384a8863335cd9be05a6df0ec6d67272610b772f75ec8d14df0a987269e11e 122288 
libpostproc51_0.5.1-1_amd64.deb
 d4b8a9160374d5ffefdf9b2ee3a7dfb08aa5bc7e8eebbd8aeb72331ca3fce41b 172004 
libswscale0_0.5.1-1_amd64.deb
 e61dc25f05eee61939c0c197da47a226c25375a13669b96093e02f71703724af 80550 
libavutil-dev_0.5.1-1_amd64.deb
 b68aea3ebb04a7d1d5d93539fae9be0ab01b7888f98eceb8380d7e6caacc20ea 2476610 
libavcodec-dev_0.5.1-1_amd64.deb
 7542356167a1f63cfcbc04cc1f892c2393f8b30ef138975964a09af326247da1 58362 
libavdevice-dev_0.5.1-1_amd64.deb
 455adf4112485a842f73a850259a72d09a7b8d4a2895335582be5d84f31a8b16 466148 
libavformat-dev_0.5.1-1_amd64.deb
 8d9c9a200df9f41a080072e52fea3a2fc39024f2d20e44fefdd5d298e1a7aab6 53908 
libavfilter-dev_0.5.1-1_amd64.deb
 9cf66852b628740127194728624cb899747d6e03a0c01226ad9a5000a1384ca2 123110 
libpostproc-dev_0.5.1-1_amd64.deb
 3c48f71a8cb5cc1c19f8e927cff34629a7c8c80f19d1baed48b0317a48ab54b8 180984 
libswscale-dev_0.5.1-1_amd64.deb
Files: 
 46ff51d94bd8d695101b35e2f6f0e4e3 2345 libs optional ffmpeg_0.5.1-1.dsc
 11c660064f83ac74304849b731df79fc 3329034 libs optional ffmpeg_0.5.1.orig.tar.gz
 455390a8ded05354b05ee164b21c24e8 59622 libs optional ffmpeg_0.5.1-1.diff.gz
 e3a9a8394e2415f6eeed8733b5644100 236976 video optional ffmpeg_0.5.1-1_amd64.deb
 cd80437ec7590f5baa99e620483fbc6e 5120430 debug extra 
ffmpeg-dbg_0.5.1-1_amd64.deb
 b4c19e94f1cac1937d2cc92a49f732a8 14003938 doc optional 
ffmpeg-doc_0.5.1-1_all.deb
 a92903128ce716f25d75752bb3f3dc04 63404 libs optional 
libavutil49_0.5.1-1_amd64.deb
 9c4e6c040a15190db7c9762fc3ded256 2191018 libs optional 
libavcodec52_0.5.1-1_amd64.deb
 a7208951de81abfb18819feb289f27cc 56916 libs optional 
libavdevice52_0.5.1-1_amd64.deb
 eab2b9a6ba10dbe0a6cd39dd118dd41a 363160 libs optional 
libavformat52_0.5.1-1_amd64.deb
 627f1ef0861b98e6cff45f6ab518cb70 46400 libs optional 
libavfilter0_0.5.1-1_amd64.deb
 e798fc8519ec91383d4559c0f0e521cd 122288 libs optional 
libpostproc51_0.5.1-1_amd64.deb
 b1f901630060365d7bef7b4ca211170e 172004 libs optional 
libswscale0_0.5.1-1_amd64.deb
 5986d28771bafc4608a6063b614ee85e 80550 libdevel optional 
libavutil-dev_0.5.1-1_amd64.deb
 b6f8d726139d318faf6e3762eb9dc7f3 2476610 libdevel optional 
libavcodec-dev_0.5.1-1_amd64.deb
 055f61695867c0e20db9518bba140d82 58362 libdevel optional 
libavdevice-dev_0.5.1-1_amd64.deb
 8fa9799db07680dfdfd31bd324215489 466148 libdevel optional 
libavformat-dev_0.5.1-1_amd64.deb
 593dfaf51269ea660c9717a7018a0d04 53908 libdevel optional 
libavfilter-dev_0.5.1-1_amd64.deb
 fb39e408927bd31eb1ad1a04700788fb 123110 libdevel optional 
libpostproc-dev_0.5.1-1_amd64.deb
 be3ab2080407b02c7c2d066388df010c 180984 libdevel optional 
libswscale-dev_0.5.1-1_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Debian Powered!

iJwEAQECAAYFAkuPfkIACgkQ78RAoABp8o88oQQArUY3tknGCQ2cLI3y/rdD5N/K
eGjxX5THoAEwiimVujU7PgkqMWvZJ9EiyHOT58BJMPU0ym8qvImviBzfAN+SMXP1
mnvvacBgRM/JDPPm5BcHLymVHaxx5mwHjDMeg4TFUxMoqRt5g6OBgt5GH1lEfgv9
0HHlk4FetJ+9O4G5Q4Y=
=FMGp
-----END PGP SIGNATURE-----



--- End Message ---
_______________________________________________
pkg-multimedia-maintainers mailing list
pkg-multimedia-maintainers@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/pkg-multimedia-maintainers

Reply via email to