[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: wheezy update for libav

Hi Diego,

Could you summarize us the status of your work on the 0.8 branch ?

I've had a look at the new CVEs reported for libav. I managed to
reproduce CVE-2016-98{21,22} (avconv crashes with segfault), but
cherry picking the fix[0,1,2] for these issues doesn't seem to fix
the problem.

I'll try to patch it.

Also, the error messages I get for these issues are not the same as
those mentionned on the CVE report.

I have also tried to reproduce CVE-2016-98{19,20,23,24,25,26}, but
I am not getting the same error messages as those mentionned on the
CVE report. No segfault. Instead, avconv is just ending with error
messages like "Error at MB: 0", or "Error while decoding stream #0:0",
which doesn't help me to determine whether this behavior is normal or


[0] https://bugzilla.libav.org/show_bug.cgi?id=981
[1] https://git.libav.org/?p=libav.git;a=commit;h=e807491fc6a336e4becc0cbc981274a8fde18aba
[2] https://git.libav.org/?p=libav.git;a=commit;h=58405de0951a843765625159402870c1eea3c3b1
[3] https://bugzilla.libav.org/show_bug.cgi?id=983

             Hugo Lefeuvre (hle)    |    www.owl.eu.com
4096/ ACB7 B67F 197F 9B32 1533 431C AC90 AC3E C524 065E

Attachment: signature.asc
Description: PGP signature

Reply to: