Your message dated Sun, 06 Feb 2011 09:33:17 +0000
with message-id <e1pm0zd-00088d...@franck.debian.org>
and subject line Bug#550442: fixed in ffmpeg 4:0.6.1-3
has caused the Debian Bug report #550442,
regarding ffmpeg: deluge of crashes due to missing input sanitization
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
550442: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=550442
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
package: ffmpeg
version: 0.cvs20060823-8
severity: serious
tags: security

hi,

ffmpeg has been found to be vulnerable to many crashers [0],[1].  this
may enable remote compromise of a system.

please coordinate with upstream and the security team to push out
updates for these issues.

mike

[0] https://roundup.ffmpeg.org/roundup/ffmpeg/issue1240
[1] https://roundup.ffmpeg.org/roundup/ffmpeg/issue1245



--- End Message ---
--- Begin Message ---
Source: ffmpeg
Source-Version: 4:0.6.1-3

We believe that the bug you reported is fixed in the latest version of
ffmpeg, which is due to be installed in the Debian FTP archive:

ffmpeg-dbg_0.6.1-3_i386.deb
  to main/f/ffmpeg/ffmpeg-dbg_0.6.1-3_i386.deb
ffmpeg-doc_0.6.1-3_all.deb
  to main/f/ffmpeg/ffmpeg-doc_0.6.1-3_all.deb
ffmpeg_0.6.1-3.diff.gz
  to main/f/ffmpeg/ffmpeg_0.6.1-3.diff.gz
ffmpeg_0.6.1-3.dsc
  to main/f/ffmpeg/ffmpeg_0.6.1-3.dsc
ffmpeg_0.6.1-3_i386.deb
  to main/f/ffmpeg/ffmpeg_0.6.1-3_i386.deb
libavcodec-dev_0.6.1-3_i386.deb
  to main/f/ffmpeg/libavcodec-dev_0.6.1-3_i386.deb
libavcodec52_0.6.1-3_i386.deb
  to main/f/ffmpeg/libavcodec52_0.6.1-3_i386.deb
libavdevice-dev_0.6.1-3_i386.deb
  to main/f/ffmpeg/libavdevice-dev_0.6.1-3_i386.deb
libavdevice52_0.6.1-3_i386.deb
  to main/f/ffmpeg/libavdevice52_0.6.1-3_i386.deb
libavfilter-dev_0.6.1-3_i386.deb
  to main/f/ffmpeg/libavfilter-dev_0.6.1-3_i386.deb
libavfilter1_0.6.1-3_i386.deb
  to main/f/ffmpeg/libavfilter1_0.6.1-3_i386.deb
libavformat-dev_0.6.1-3_i386.deb
  to main/f/ffmpeg/libavformat-dev_0.6.1-3_i386.deb
libavformat52_0.6.1-3_i386.deb
  to main/f/ffmpeg/libavformat52_0.6.1-3_i386.deb
libavutil-dev_0.6.1-3_i386.deb
  to main/f/ffmpeg/libavutil-dev_0.6.1-3_i386.deb
libavutil50_0.6.1-3_i386.deb
  to main/f/ffmpeg/libavutil50_0.6.1-3_i386.deb
libpostproc-dev_0.6.1-3_i386.deb
  to main/f/ffmpeg/libpostproc-dev_0.6.1-3_i386.deb
libpostproc51_0.6.1-3_i386.deb
  to main/f/ffmpeg/libpostproc51_0.6.1-3_i386.deb
libswscale-dev_0.6.1-3_i386.deb
  to main/f/ffmpeg/libswscale-dev_0.6.1-3_i386.deb
libswscale0_0.6.1-3_i386.deb
  to main/f/ffmpeg/libswscale0_0.6.1-3_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 550...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Reinhard Tartler <siret...@tauware.de> (supplier of updated ffmpeg package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sun, 30 Jan 2011 09:22:11 +0100
Source: ffmpeg
Binary: ffmpeg ffmpeg-dbg ffmpeg-doc libavutil50 libavcodec52 libavdevice52 libavformat52 libavfilter1 libpostproc51 libswscale0 libavutil-dev libavcodec-dev libavdevice-dev libavformat-dev libavfilter-dev libpostproc-dev libswscale-dev
Architecture: all i386 source
Version: 4:0.6.1-3
Distribution: unstable
Urgency: medium
Maintainer: Debian multimedia packages maintainers <pkg-multimedia-maintainers@lists.alioth.debian.org>
Changed-By: Reinhard Tartler <siret...@tauware.de>
Closes: 294422 298095 369127 374931 420230 420231 495274 501891 522449 525385 538082 550442 559712 561553 561956 569727 582274 583728
Description: 
 ffmpeg     - Multimedia player, server, encoder and transcoder
 ffmpeg-dbg - Debug symbols for FFmpeg related packages
 ffmpeg-doc - Documentation of the FFmpeg API
 libavcodec-dev - Development files for libavcodec
 libavcodec52 - FFmpeg codec library
 libavdevice-dev - Development files for libavdevice
 libavdevice52 - FFmpeg device handling library
 libavfilter-dev - Development files for libavfilter
 libavfilter1 - FFmpeg video filtering library
 libavformat-dev - Development files for libavformat
 libavformat52 - FFmpeg file format library
 libavutil-dev - Development files for libavutil
 libavutil50 - FFmpeg utility library
 libpostproc-dev - Development files for libpostproc
 libpostproc51 - FFmpeg video postprocessing library
 libswscale-dev - Development files for libswscale
 libswscale0 - Ffmpeg video scaling library
Changes: 
 ffmpeg (4:0.6.1-3) unstable; urgency=low
 .
   * add libxfixes-dev to build depends
   * minor packaging cleanups
   * revised package description
   * detect libopenjpeg and dirac at build-time
   * remove note about packages being "Debian-specific"
   * simplify lintian-overrides
   * Sanitize LDFLAGS variable; it seems that dpkg-buildflags injects
     -Wl,-Bsymbolic-functions to LDFLAGS, which breaks the build on amd64
 .
 ffmpeg (4:0.6.1-2) experimental; urgency=low
 .
   [ Jonas Smedegaard ]
   * Relax mplayer Breaks to permit backports and other early releases.
 .
   [ Reinhard Tartler ]
   * Bump Standards-Version, no changes needed.
 .
   [ Matthias Klose ]
   * Configure with --enable-pic on powerpc. LP: #654666.
 .
 ffmpeg (4:0.6.1-1) experimental; urgency=low
 .
   * Imported Upstream version 0.6.1
   * prepare new upload
   * remove patches merged upstream
   * add gitignore file
 .
 ffmpeg (4:0.6-2) experimental; urgency=low
 .
   [ Fabian Greffrath ]
   * Enable RTMP[E] support via librtmp.
   * Disable aac encoder, see README.Debian.
   * Fix obsolete-relation-form for the internal dependencies.
   * Merge debian/README.Source into debian/README.source and add section
     headers.
   * Remove obsoleted support for the non-free libamr-nb/wb.
 .
   [ Reinhard Tartler ]
   * enable runtime-cpudetect
   * conditionally build against opencore-amr if installed in the build
     environment
   * update upstream url in debian/copyright
   * fix usage documentation in debian/get-orig-source.sh
   * update dep3 headers for debian/patches/900_doxyfile
   * add proper replaces for moving presets back to ffmpeg
   * make debian/patches gbp-pq friendly
   * Add VP80 fourcc to libavformat/riff.c
   * Backport-AAC-HE-v2
   * bump Standards-Version, no changes needed
 .
 ffmpeg (4:0.6-1) experimental; urgency=low
 .
   * new upstream release
     - adds VP8 support via libvpx, Closes: #582274
   * depend on libavfilter-extra-1 instead of -0, Closes: #583728
   * add conflicts to the ffprobe package, it has been merged upstream now
 .
 ffmpeg (4:0.6~svn20100505-1) experimental; urgency=low
 .
   * update to new upstream. Closes: #569727
     - fixes various segfaults and other minor feature improvements
       Closes: #374931, #522449, #501891, #559712, #420231, #369127, #538082,
               #298095, #294422, #561553, #525385, #495274, #420230
       LP: #305286, #457106, #529200, #301723, #305315, #336479, #420230,
           #412063, #428912, #432181, #440591, #453732, #453732, #453732,
          #514259, #515243, #521472, #530186, #530186, #197842, #483317,
          #483317, #539407, #280098, #331255, #566107, #569823, #570305,
          #573190
   * Fixup lintian overrides for new upstream snapshot
   * Bump Standards-Version to 3.8.4
   * Many upstream changes, see upstream Changelog for details
 .
 ffmpeg (4:0.5+svn20090706-5) unstable; urgency=medium
 .
   * Upload to unstable
   * Urgency medium because of fixed RC bugs (security issues)
 .
 ffmpeg (4:0.5+svn20090706-4) experimental; urgency=low
 .
   [ Loïc Minier ]
   * Use default toolchain setup on ARM flavors for noopt and only add FPU
     CFLAGS in the VFP and NEON flavors; this is ok since internally, cpu will
     be set to "generic" but -march=generic or -mcpu=generic will NOT be added
     to the build flags.
   * Build all armel flavours with -marm since ffmpeg has a lot of hand crafted
     assembly which doesn't build in the new lucid default mode (Thumb 2);
     LP: #488267
   * Build all armel flavours with -fPIC -DPIC instead of just the neon flavour
     as the new flags/toolchain require this in Ubuntu lucid.
   * Build some assembly test code -- just like configure -- to decide whether
     the *default* toolchain uses vfp or neon to decide whether to build the
     vfp and neon flavors.
   * Drop --disable/--enable opt flags such as --disable-neon or
     --enable-armvfp on ARM since the upstream configure script will do the
     right thing when the proper flags are set.
 .
   [ Reinhard Tartler ]
   * build with PIC on powerpc (Closes: #561956)
 .
 ffmpeg (4:0.5+svn20090706-3) experimental; urgency=low
 .
   [ Loïc Minier ]
   * Disable more autodetected ARM arch features
   * Enable neon flavour
   * Update NEON confflags to assume v7 and VFP
   * Add backported NEON patches from ffmpeg trunk
   * Pass proper --cpu and --extra-flags on armel
   * Pass -fPIC -DPIC to neon pass
 .
   [ Fabian Greffrath ]
   * Initialize the FLAVORS variable to static instead of appending to
     it. Also, we do not support the internalencoders variable anymore.
 .
   [ Andres Mejia ]
   * Remove unused patches from packaging.
   * Update Vcs-* entries to new location.
   * Bump Standards-Version to 3.8.3.
 .
   [ Reinhard Tartler ]
   * change shlibs file to make applications depend on the -extra- packages
   * loosen dependencies further, so that the -dev packages remain
     installable even if ffmpeg-extra is 'out-of-date'
   * add patch for issue1245: Make arguments of av_set_pts_info() unsigned.
   * Support constant-quant encoding for libtheora, LP: #356322
   * increase swscale compile time width (VOF/VOFW), LP: #443264
   * Backports of various security patches, Closes: #550442, including:
      - backport fixes for vorbis_dec
      - backport oggparsevorbis fix
      - backport vp3 fixes
      - backport ffv1 fix
      - libavcodec/mpegaudiodec.c backports
      - h264 security backports
      - backported libavformat/mov.c security fixes
      - backported libavformat/oggdec.c security fixes
      - backport svn r18016 aka 'MOV-Support-stz2-Compact-Sample-Size-Box'
        to fix FTBFS
   * enable symbol versioning
   * bump shlibs version
   * add README.source describing how this source package manages patches
   * make sure the ${misc:Depends} substvar is used for each binary package
Checksums-Sha1: 
Checksums-Sha256: 
Files: 

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Debian Powered!

-----END PGP SIGNATURE-----



--- End Message ---
_______________________________________________
pkg-multimedia-maintainers mailing list
pkg-multimedia-maintainers@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/pkg-multimedia-maintainers
