Your message dated Wed, 12 Oct 2016 11:21:51 +0000 with message-id <e1buhbb-0008op...@franck.debian.org> and subject line Bug#840434: fixed in ffmpeg 7:3.1.4-1 has caused the Debian Bug report #840434, regarding ffmpeg: CVE-2016-7122 CVE-2016-7450 CVE-2016-7502 CVE-2016-7555 CVE-2016-7562 CVE-2016-7785 CVE-2016-7905 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 840434: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=840434 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: ffmpeg Version: 7:3.1.3-2 Severity: grave Tags: security upstream patch fixed-upstream Hi, the following vulnerabilities were published for ffmpeg. CVE-2016-7122[0], CVE-2016-7450[1], CVE-2016-7502[2], CVE-2016-7555[3], CVE-2016-7562[4], CVE-2016-7785[5], CVE-2016-7905[6]. The upstream commits are referenced on the security-tracker pages and updating to 3.1.4 would fix all of them. If you fix the vulnerabilities please also make sure to include the CVE (Common Vulnerabilities & Exposures) ids in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2016-7122 [1] https://security-tracker.debian.org/tracker/CVE-2016-7450 [2] https://security-tracker.debian.org/tracker/CVE-2016-7502 [3] https://security-tracker.debian.org/tracker/CVE-2016-7555 [4] https://security-tracker.debian.org/tracker/CVE-2016-7562 [5] https://security-tracker.debian.org/tracker/CVE-2016-7785 [6] https://security-tracker.debian.org/tracker/CVE-2016-7905 Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: ffmpeg Source-Version: 7:3.1.4-1 We believe that the bug you reported is fixed in the latest version of ffmpeg, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 840...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Andreas Cadhalpun <andreas.cadhal...@googlemail.com> (supplier of updated ffmpeg package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Tue, 11 Oct 2016 21:17:10 +0200 Source: ffmpeg Binary: ffmpeg ffmpeg-doc libavcodec57 libavcodec-extra57 libavcodec-extra libavcodec-dev libavdevice57 libavdevice-dev libavfilter6 libavfilter-extra6 libavfilter-extra libavfilter-dev libavformat57 libavformat-dev libavresample3 libavresample-dev libavutil55 libavutil-dev libpostproc54 libpostproc-dev libswresample2 libswresample-dev libswscale4 libswscale-dev libav-tools Architecture: source Version: 7:3.1.4-1 Distribution: unstable Urgency: medium Maintainer: Debian Multimedia Maintainers <pkg-multimedia-maintain...@lists.alioth.debian.org> Changed-By: Andreas Cadhalpun <andreas.cadhal...@googlemail.com> Description: ffmpeg - Tools for transcoding, streaming and playing of multimedia files ffmpeg-doc - Documentation of the FFmpeg multimedia framework libav-tools - Compatibility links for libav-tools (transitional package) libavcodec-dev - FFmpeg library with de/encoders for audio/video codecs - developm libavcodec-extra - FFmpeg library with extra codecs (metapackage) libavcodec-extra57 - FFmpeg library with additional de/encoders for audio/video codecs libavcodec57 - FFmpeg library with de/encoders for audio/video codecs - runtime libavdevice-dev - FFmpeg library for handling input and output devices - developmen libavdevice57 - FFmpeg library for handling input and output devices - runtime fi libavfilter-dev - FFmpeg library containing media filters - development files libavfilter-extra - FFmpeg library with extra filters (metapackage) libavfilter-extra6 - FFmpeg library with extra media filters - runtime files libavfilter6 - FFmpeg library containing media filters - runtime files libavformat-dev - FFmpeg library with (de)muxers for multimedia containers - develo libavformat57 - FFmpeg library with (de)muxers for multimedia containers - runtim libavresample-dev - FFmpeg compatibility library for resampling - development files libavresample3 - FFmpeg compatibility library for resampling - runtime files libavutil-dev - FFmpeg library with functions for simplifying programming - devel libavutil55 - FFmpeg library with functions for simplifying programming - runti libpostproc-dev - FFmpeg library for post processing - development files libpostproc54 - FFmpeg library for post processing - runtime files libswresample-dev - FFmpeg library for audio resampling, rematrixing etc. - developme libswresample2 - FFmpeg library for audio resampling, rematrixing etc. - runtime f libswscale-dev - FFmpeg library for image scaling and various conversions - develo libswscale4 - FFmpeg library for image scaling and various conversions - runtim Closes: 840434 Changes: ffmpeg (7:3.1.4-1) unstable; urgency=medium . [ Ondřej Nový ] * Disable librtmp support, because the built-in RTMP support is better. . [ Andreas Cadhalpun ] * Import new upstream bugfix release 3.1.4. - Fixes CVE-2016-7122, CVE-2016-7450, CVE-2016-7502, CVE-2016-7555, CVE-2016-7562, CVE-2016-7785 and CVE-2016-7905. (Closes: #840434) * Fix typos. * Replace libopencv-dev build-dependency with libopencv-imgproc-dev. * Improve build-time optimization for libavfilter-extra. * Mention sofalizer in libavfilter-extra6 description. * Remove redundant nocheck test. * Add libopenjpegenc-recreate-image-data-buffer.patch to fix autopkg test crashes. * Let the encdec test print the command before executing it. * Update encdec*_list.txt. * Re-enable the libopenjpeg decoder. * Enable libzmq on hurd, as it is now available there. * Use 'set -e' to abort build on configure failure. * Only set CC/CXX if they differ from the default. * Set configure options for cross-building. Checksums-Sha1: c3228874bd5787da7a274d255d272515454e23c9 4742 ffmpeg_3.1.4-1.dsc af1860100e1ea5fcde1aaee60a853158b9e9c771 7811392 ffmpeg_3.1.4.orig.tar.xz 995b344c027a76112f524fc9685e9047dff48593 37444 ffmpeg_3.1.4-1.debian.tar.xz Checksums-Sha256: cb3a9447c4af5b2d39110592b23385ff78951e05818d07932de05c3b134529b9 4742 ffmpeg_3.1.4-1.dsc a80cb378dda5c9bbcdbd62a99bdec0e4eedbcb47f290e72845af4855c1146b5b 7811392 ffmpeg_3.1.4.orig.tar.xz bb2473b34f9bebf708526cb1727f9a08a01dbcdc3c55f855d5732ac561de546e 37444 ffmpeg_3.1.4-1.debian.tar.xz Files: 94d37b120ca490032c2ec8fc9f5ae8d5 4742 video optional ffmpeg_3.1.4-1.dsc b54d3e3d2d14d64305b840bb3d287445 7811392 video optional ffmpeg_3.1.4.orig.tar.xz 860f2253b2a660182ead01b7bc4538cc 37444 video optional ffmpeg_3.1.4-1.debian.tar.xz -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJX/hRVAAoJEPZk0la0aRp9JSMP/0LUISCLKWu6mbID5Da2RJx1 G19LcoClyUwy/Erh0JS/K8TgSDv/AIkctnYebaT7usuD+ti7nOPpgdhN5l6DMhHn ryySrUrX3eSXjD2HIFTHlu+pij7Bh1HaHrErOotztV1+j1RlU8C9H+PvESxMQ4HN qDdLskOlpZfECTKPmgd0QgTXCM8PJEkbeA4P2AZ7hNK1Zr3Y0QEsplGJJbvgHfG/ ETUB0bpdSkC1lw6D8e4FulpsW2d948L8hn4YVmlWZC3jaNKzpOsLPy/IDNILQysN v01WfJ6mFElS4XF5qFPG3V+a9UA6xXWUFci9JAqVRZ0PQjp3OJD+Z37y+377MiWj 3BHm/FqHsbLa2PVL4MZX5uswVtDqiTJnZwGzfrdci7Q42FA4lzqBiB8GFPEz7q2O 1BI+OCWlUQ+sV6HXHPJGdIp5fnbaAFnP96Ey2puK/mjJ3/ezJ7vomFmXtg+vGhMo AZmSZCeYtTjcOpZj5AfpF0Yjm49P1UbnThtlhrb2ol7aJm1G+iXzfn80vh3qeBd/ kBbuQfvh7u0XmAGMjLg9MAG8Q8lPxjwiqTc2xF4fS+4sShOc2kcXBQ+Wy++SWjMj sTd3KR/eklreEMQCUGa2CuY09xyGV/kqyS1kR7xHy8tsLq6FdRCixwnCcKJo+FdM oWMc7ys3mOXgR1P2WZrp =Mafo -----END PGP SIGNATURE-----
--- End Message ---
