Hi Diego,
Could you summarize us the status of your work on the 0.8 branch ?
I've had a look at the new CVEs reported for libav. I managed to
reproduce CVE-2016-98{21,22} (avconv crashes with segfault), but
cherry picking the fix[0,1,2] for these issues doesn't seem to fix
the problem.
I'll try to patch it.
Also, the error messages I get for these issues are not the same as
those mentionned on the CVE report.
I have also tried to reproduce CVE-2016-98{19,20,23,24,25,26}, but
I am not getting the same error messages as those mentionned on the
CVE report. No segfault. Instead, avconv is just ending with error
messages like "Error at MB: 0", or "Error while decoding stream #0:0",
which doesn't help me to determine whether this behavior is normal or
not.
Cheers,
Hugo
[0] https://bugzilla.libav.org/show_bug.cgi?id=981
[1] https://git.libav.org/?p=libav.git;a=commit;h=e807491fc6a336e4becc0cbc981274a8fde18aba
[2] https://git.libav.org/?p=libav.git;a=commit;h=58405de0951a843765625159402870c1eea3c3b1
[3] https://bugzilla.libav.org/show_bug.cgi?id=983
--
Hugo Lefeuvre (hle) | www.owl.eu.com
4096/ ACB7 B67F 197F 9B32 1533 431C AC90 AC3E C524 065E
Attachment:
signature.asc
Description: PGP signature