Your message dated Tue, 01 Feb 2011 07:40:58 +0100
with message-id <87bp2wqmth....@faui44a.informatik.uni-erlangen.de>
and subject line Re: Bug#610550: [CVE-2011-0480] memory corruptions in the
ffmpeg Vorbis codec
has caused the Debian Bug report #610550,
regarding [CVE-2011-0480] memory corruptions in the ffmpeg Vorbis codec
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
610550: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=610550
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: ffmpeg
Severity: important
Tags: security patch
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for ffmpeg.
CVE-2011-0480[0]:
| Multiple buffer overflows in the Vorbis decoder in Google Chrome
| before 8.0.552.237 and Chrome OS before 8.0.552.344 allow remote
| attackers to cause a denial of service or possibly have unspecified
| other impact via unknown vectors.
If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.
In upstream the report is [1]. The proposed patch is [2].
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0480
http://security-tracker.debian.org/tracker/CVE-2011-0480
[1] http://roundup.ffmpeg.org/issue2548
[2]
http://git.ffmpeg.org/?p=ffmpeg.git;a=blobdiff;f=libavcodec/vorbis_dec.c;h=c2bde812efca51ef09ed893a8a03f9bc0df2aa26;hp=749e9a939681cec052a63f3540f5a690af989cfd;hb=13184036a6b1b1d4b61c91118c0896e9ad4634c3;hpb=03ec42aa1ce738761130335e6e6f5ef5d0d1eadf
--- End Message ---
--- Begin Message ---
On Tue, Feb 01, 2011 at 03:15:33 (CET), Michael Gilbert wrote:
> notfound 610550 4:0.5.2-6
> tag 610550 -unreproducible
> thanks
>
> it looks like you're using a newer svn version of ffmpeg. at least
> 0.5.2 in unstable doesn't yet support webm, so it isn't affected. i
> haven't checked 0.6.1 in experimental.
I did and it doesn't crash for me.
With this rationale, I'm closing this bug for now, but by all means,
please reopen it as soon as you have a testcase for me.
--
Gruesse/greetings,
Reinhard Tartler, KeyID 945348A4
--- End Message ---
_______________________________________________
pkg-multimedia-maintainers mailing list
pkg-multimedia-maintainers@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/pkg-multimedia-maintainers
