Bug#550442: marked as done (ffmpeg: deluge of crashes due to missing input sanitization)
Your message dated Sun, 06 Feb 2011 09:33:17 + with message-id and subject line Bug#550442: fixed in ffmpeg 4:0.6.1-3 has caused the Debian Bug report #550442, regarding ffmpeg: deluge of crashes due to missing input sanitization to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 550442: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=550442 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- package: ffmpeg version: 0.cvs20060823-8 severity: serious tags: security hi, ffmpeg has been found to be vulnerable to many crashers [0],[1]. this may enable remote compromise of a system. please coordinate with upstream and the security team to push out updates for these issues. mike [0] https://roundup.ffmpeg.org/roundup/ffmpeg/issue1240 [1] https://roundup.ffmpeg.org/roundup/ffmpeg/issue1245 --- End Message --- --- Begin Message --- Source: ffmpeg Source-Version: 4:0.6.1-3 We believe that the bug you reported is fixed in the latest version of ffmpeg, which is due to be installed in the Debian FTP archive: ffmpeg-dbg_0.6.1-3_i386.deb to main/f/ffmpeg/ffmpeg-dbg_0.6.1-3_i386.deb ffmpeg-doc_0.6.1-3_all.deb to main/f/ffmpeg/ffmpeg-doc_0.6.1-3_all.deb ffmpeg_0.6.1-3.diff.gz to main/f/ffmpeg/ffmpeg_0.6.1-3.diff.gz ffmpeg_0.6.1-3.dsc to main/f/ffmpeg/ffmpeg_0.6.1-3.dsc ffmpeg_0.6.1-3_i386.deb to main/f/ffmpeg/ffmpeg_0.6.1-3_i386.deb libavcodec-dev_0.6.1-3_i386.deb to main/f/ffmpeg/libavcodec-dev_0.6.1-3_i386.deb libavcodec52_0.6.1-3_i386.deb to main/f/ffmpeg/libavcodec52_0.6.1-3_i386.deb libavdevice-dev_0.6.1-3_i386.deb to main/f/ffmpeg/libavdevice-dev_0.6.1-3_i386.deb libavdevice52_0.6.1-3_i386.deb to main/f/ffmpeg/libavdevice52_0.6.1-3_i386.deb libavfilter-dev_0.6.1-3_i386.deb to main/f/ffmpeg/libavfilter-dev_0.6.1-3_i386.deb libavfilter1_0.6.1-3_i386.deb to main/f/ffmpeg/libavfilter1_0.6.1-3_i386.deb libavformat-dev_0.6.1-3_i386.deb to main/f/ffmpeg/libavformat-dev_0.6.1-3_i386.deb libavformat52_0.6.1-3_i386.deb to main/f/ffmpeg/libavformat52_0.6.1-3_i386.deb libavutil-dev_0.6.1-3_i386.deb to main/f/ffmpeg/libavutil-dev_0.6.1-3_i386.deb libavutil50_0.6.1-3_i386.deb to main/f/ffmpeg/libavutil50_0.6.1-3_i386.deb libpostproc-dev_0.6.1-3_i386.deb to main/f/ffmpeg/libpostproc-dev_0.6.1-3_i386.deb libpostproc51_0.6.1-3_i386.deb to main/f/ffmpeg/libpostproc51_0.6.1-3_i386.deb libswscale-dev_0.6.1-3_i386.deb to main/f/ffmpeg/libswscale-dev_0.6.1-3_i386.deb libswscale0_0.6.1-3_i386.deb to main/f/ffmpeg/libswscale0_0.6.1-3_i386.deb A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 550...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Reinhard Tartler (supplier of updated ffmpeg package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Format: 1.8 Date: Sun, 30 Jan 2011 09:22:11 +0100 Source: ffmpeg Binary: ffmpeg ffmpeg-dbg ffmpeg-doc libavutil50 libavcodec52 libavdevice52 libavformat52 libavfilter1 libpostproc51 libswscale0 libavutil-dev libavcodec-dev libavdevice-dev libavformat-dev libavfilter-dev libpostproc-dev libswscale-dev Architecture: all i386 source Version: 4:0.6.1-3 Distribution: unstable Urgency: medium Maintainer: Debian multimedia packages maintainers Changed-By: Reinhard Tartler Closes: 294422 298095 369127 374931 420230 420231 495274 501891 522449 525385 538082 550442 559712 561553 561956 569727 582274 583728 Description: ffmpeg - Multimedia player, server, encoder and transcoder ffmpeg-dbg - Debug symbols for FFmpeg related packages ffmpeg-doc - Documentation of the FFmpeg API libavcodec-dev - Development files for libavcodec libavcodec52 - FFmpeg codec library libavdevice-dev - Development files for libavdevice libavdevice52 - FFmpeg device handling library libavfilter-dev - Development files for libavfilter libavfilter1 - FFmpeg video filtering library libavformat-dev - Development files for libavformat libavformat52 - FFmpeg file format library libavutil-dev - Development files for libavutil libavutil50 - FFmpeg utility library libpostproc-dev - Development files for libpostproc libpostproc51 - FFmpeg video postprocessing library libswscale-dev - Development files for libswscale libswscale0 - Ffmpeg video scali
Bug#550442: marked as done (ffmpeg: deluge of crashes due to missing input sanitization)
Your message dated Fri, 22 Jan 2010 16:47:45 + with message-id and subject line Bug#550442: fixed in ffmpeg 4:0.5+svn20090706-5 has caused the Debian Bug report #550442, regarding ffmpeg: deluge of crashes due to missing input sanitization to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 550442: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=550442 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- package: ffmpeg version: 0.cvs20060823-8 severity: serious tags: security hi, ffmpeg has been found to be vulnerable to many crashers [0],[1]. this may enable remote compromise of a system. please coordinate with upstream and the security team to push out updates for these issues. mike [0] https://roundup.ffmpeg.org/roundup/ffmpeg/issue1240 [1] https://roundup.ffmpeg.org/roundup/ffmpeg/issue1245 --- End Message --- --- Begin Message --- Source: ffmpeg Source-Version: 4:0.5+svn20090706-5 We believe that the bug you reported is fixed in the latest version of ffmpeg, which is due to be installed in the Debian FTP archive: ffmpeg-dbg_0.5+svn20090706-5_amd64.deb to main/f/ffmpeg/ffmpeg-dbg_0.5+svn20090706-5_amd64.deb ffmpeg-doc_0.5+svn20090706-5_all.deb to main/f/ffmpeg/ffmpeg-doc_0.5+svn20090706-5_all.deb ffmpeg_0.5+svn20090706-5.diff.gz to main/f/ffmpeg/ffmpeg_0.5+svn20090706-5.diff.gz ffmpeg_0.5+svn20090706-5.dsc to main/f/ffmpeg/ffmpeg_0.5+svn20090706-5.dsc ffmpeg_0.5+svn20090706-5_amd64.deb to main/f/ffmpeg/ffmpeg_0.5+svn20090706-5_amd64.deb libavcodec-dev_0.5+svn20090706-5_amd64.deb to main/f/ffmpeg/libavcodec-dev_0.5+svn20090706-5_amd64.deb libavcodec52_0.5+svn20090706-5_amd64.deb to main/f/ffmpeg/libavcodec52_0.5+svn20090706-5_amd64.deb libavdevice-dev_0.5+svn20090706-5_amd64.deb to main/f/ffmpeg/libavdevice-dev_0.5+svn20090706-5_amd64.deb libavdevice52_0.5+svn20090706-5_amd64.deb to main/f/ffmpeg/libavdevice52_0.5+svn20090706-5_amd64.deb libavfilter-dev_0.5+svn20090706-5_amd64.deb to main/f/ffmpeg/libavfilter-dev_0.5+svn20090706-5_amd64.deb libavfilter0_0.5+svn20090706-5_amd64.deb to main/f/ffmpeg/libavfilter0_0.5+svn20090706-5_amd64.deb libavformat-dev_0.5+svn20090706-5_amd64.deb to main/f/ffmpeg/libavformat-dev_0.5+svn20090706-5_amd64.deb libavformat52_0.5+svn20090706-5_amd64.deb to main/f/ffmpeg/libavformat52_0.5+svn20090706-5_amd64.deb libavutil-dev_0.5+svn20090706-5_amd64.deb to main/f/ffmpeg/libavutil-dev_0.5+svn20090706-5_amd64.deb libavutil49_0.5+svn20090706-5_amd64.deb to main/f/ffmpeg/libavutil49_0.5+svn20090706-5_amd64.deb libpostproc-dev_0.5+svn20090706-5_amd64.deb to main/f/ffmpeg/libpostproc-dev_0.5+svn20090706-5_amd64.deb libpostproc51_0.5+svn20090706-5_amd64.deb to main/f/ffmpeg/libpostproc51_0.5+svn20090706-5_amd64.deb libswscale-dev_0.5+svn20090706-5_amd64.deb to main/f/ffmpeg/libswscale-dev_0.5+svn20090706-5_amd64.deb libswscale0_0.5+svn20090706-5_amd64.deb to main/f/ffmpeg/libswscale0_0.5+svn20090706-5_amd64.deb A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 550...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Reinhard Tartler (supplier of updated ffmpeg package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Format: 1.8 Date: Fri, 22 Jan 2010 16:04:39 + Source: ffmpeg Binary: ffmpeg ffmpeg-dbg ffmpeg-doc libavutil49 libavcodec52 libavdevice52 libavformat52 libavfilter0 libpostproc51 libswscale0 libavutil-dev libavcodec-dev libavdevice-dev libavformat-dev libavfilter-dev libpostproc-dev libswscale-dev Architecture: all amd64 source Version: 4:0.5+svn20090706-5 Distribution: unstable Urgency: medium Maintainer: Debian multimedia packages maintainers Changed-By: Reinhard Tartler Closes: 550442 561956 Description: ffmpeg-dbg - Debug symbols for ffmpeg related packages ffmpeg-doc - documentation of the ffmpeg API ffmpeg - multimedia player, server and encoder libavcodec52 - ffmpeg codec library libavcodec-dev - development files for libavcodec libavdevice52 - ffmpeg device handling library libavdevice-dev - development files for libavdevice libavfilter0 - ffmpeg video filtering library libavfilter-dev - development files for libavfilter libavformat52 - ffmpeg file format library libavformat
Bug#550442: marked as done (ffmpeg: deluge of crashes due to missing input sanitization)
Your message dated Wed, 06 Jan 2010 18:49:23 + with message-id and subject line Bug#550442: fixed in ffmpeg 4:0.5+svn20090706-3 has caused the Debian Bug report #550442, regarding ffmpeg: deluge of crashes due to missing input sanitization to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 550442: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=550442 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- package: ffmpeg version: 0.cvs20060823-8 severity: serious tags: security hi, ffmpeg has been found to be vulnerable to many crashers [0],[1]. this may enable remote compromise of a system. please coordinate with upstream and the security team to push out updates for these issues. mike [0] https://roundup.ffmpeg.org/roundup/ffmpeg/issue1240 [1] https://roundup.ffmpeg.org/roundup/ffmpeg/issue1245 --- End Message --- --- Begin Message --- Source: ffmpeg Source-Version: 4:0.5+svn20090706-3 We believe that the bug you reported is fixed in the latest version of ffmpeg, which is due to be installed in the Debian FTP archive: ffmpeg-dbg_0.5+svn20090706-3_amd64.deb to main/f/ffmpeg/ffmpeg-dbg_0.5+svn20090706-3_amd64.deb ffmpeg-dbg_0.5+svn20090706-3_i386.deb to main/f/ffmpeg/ffmpeg-dbg_0.5+svn20090706-3_i386.deb ffmpeg-doc_0.5+svn20090706-3_all.deb to main/f/ffmpeg/ffmpeg-doc_0.5+svn20090706-3_all.deb ffmpeg_0.5+svn20090706-3.diff.gz to main/f/ffmpeg/ffmpeg_0.5+svn20090706-3.diff.gz ffmpeg_0.5+svn20090706-3.dsc to main/f/ffmpeg/ffmpeg_0.5+svn20090706-3.dsc ffmpeg_0.5+svn20090706-3_amd64.deb to main/f/ffmpeg/ffmpeg_0.5+svn20090706-3_amd64.deb ffmpeg_0.5+svn20090706-3_i386.deb to main/f/ffmpeg/ffmpeg_0.5+svn20090706-3_i386.deb libavcodec-dev_0.5+svn20090706-3_amd64.deb to main/f/ffmpeg/libavcodec-dev_0.5+svn20090706-3_amd64.deb libavcodec-dev_0.5+svn20090706-3_i386.deb to main/f/ffmpeg/libavcodec-dev_0.5+svn20090706-3_i386.deb libavcodec52_0.5+svn20090706-3_amd64.deb to main/f/ffmpeg/libavcodec52_0.5+svn20090706-3_amd64.deb libavcodec52_0.5+svn20090706-3_i386.deb to main/f/ffmpeg/libavcodec52_0.5+svn20090706-3_i386.deb libavdevice-dev_0.5+svn20090706-3_amd64.deb to main/f/ffmpeg/libavdevice-dev_0.5+svn20090706-3_amd64.deb libavdevice-dev_0.5+svn20090706-3_i386.deb to main/f/ffmpeg/libavdevice-dev_0.5+svn20090706-3_i386.deb libavdevice52_0.5+svn20090706-3_amd64.deb to main/f/ffmpeg/libavdevice52_0.5+svn20090706-3_amd64.deb libavdevice52_0.5+svn20090706-3_i386.deb to main/f/ffmpeg/libavdevice52_0.5+svn20090706-3_i386.deb libavfilter-dev_0.5+svn20090706-3_amd64.deb to main/f/ffmpeg/libavfilter-dev_0.5+svn20090706-3_amd64.deb libavfilter-dev_0.5+svn20090706-3_i386.deb to main/f/ffmpeg/libavfilter-dev_0.5+svn20090706-3_i386.deb libavfilter0_0.5+svn20090706-3_amd64.deb to main/f/ffmpeg/libavfilter0_0.5+svn20090706-3_amd64.deb libavfilter0_0.5+svn20090706-3_i386.deb to main/f/ffmpeg/libavfilter0_0.5+svn20090706-3_i386.deb libavformat-dev_0.5+svn20090706-3_amd64.deb to main/f/ffmpeg/libavformat-dev_0.5+svn20090706-3_amd64.deb libavformat-dev_0.5+svn20090706-3_i386.deb to main/f/ffmpeg/libavformat-dev_0.5+svn20090706-3_i386.deb libavformat52_0.5+svn20090706-3_amd64.deb to main/f/ffmpeg/libavformat52_0.5+svn20090706-3_amd64.deb libavformat52_0.5+svn20090706-3_i386.deb to main/f/ffmpeg/libavformat52_0.5+svn20090706-3_i386.deb libavutil-dev_0.5+svn20090706-3_amd64.deb to main/f/ffmpeg/libavutil-dev_0.5+svn20090706-3_amd64.deb libavutil-dev_0.5+svn20090706-3_i386.deb to main/f/ffmpeg/libavutil-dev_0.5+svn20090706-3_i386.deb libavutil49_0.5+svn20090706-3_amd64.deb to main/f/ffmpeg/libavutil49_0.5+svn20090706-3_amd64.deb libavutil49_0.5+svn20090706-3_i386.deb to main/f/ffmpeg/libavutil49_0.5+svn20090706-3_i386.deb libpostproc-dev_0.5+svn20090706-3_amd64.deb to main/f/ffmpeg/libpostproc-dev_0.5+svn20090706-3_amd64.deb libpostproc-dev_0.5+svn20090706-3_i386.deb to main/f/ffmpeg/libpostproc-dev_0.5+svn20090706-3_i386.deb libpostproc51_0.5+svn20090706-3_amd64.deb to main/f/ffmpeg/libpostproc51_0.5+svn20090706-3_amd64.deb libpostproc51_0.5+svn20090706-3_i386.deb to main/f/ffmpeg/libpostproc51_0.5+svn20090706-3_i386.deb libswscale-dev_0.5+svn20090706-3_amd64.deb to main/f/ffmpeg/libswscale-dev_0.5+svn20090706-3_amd64.deb libswscale-dev_0.5+svn20090706-3_i386.deb to main/f/ffmpeg/libswscale-dev_0.5+svn20090706-3_i386.deb libswscale0_0.5+svn20090706-3_amd64.deb to main/f/ffmpeg/libswscale0_0.5+svn20090706-3_amd64.deb libswscale0_0.5+svn20090706-3_i386.deb to main/f/ffmpeg/libswscale0_0.5+svn20090706-3_i386.deb A summary of the changes betwe