Re: wheezy update for libav

To: Hugo Lefeuvre <hle@debian.org>
Cc: debian-lts@lists.debian.org
Subject: Re: wheezy update for libav
From: "Diego Biurrun" <diego@biurrun.de>
Date: Thu, 12 Jan 2017 15:04:44 +0100
Message-id: <[🔎] 20170112140444.GP17342@dream>
In-reply-to: <[🔎] 20170111201452.f6vttmskftat3ox5@hle.local>
References: <20161004172650.GP5584@spawn.fritz.box> <20161025083804.zvy2rzibmxjfwa4g@hle.local> <20161028174327.GA3752@dream> <20161103092959.53nrvhlhvqixmin5@hle.local> <20161117183159.GW21493@dream> <20161209172007.scxoge4mnguggbpc@hle.local> <20161210152330.GN7761@dream> <[🔎] 20170106103249.wjmszutgkuidpm25@hle.local> <[🔎] 20170111100920.GE17342@dream> <[🔎] 20170111201452.f6vttmskftat3ox5@hle.local>

On Wed, Jan 11, 2017 at 09:14:52PM +0100, Hugo Lefeuvre wrote:
> > > I've had a look at the new CVEs reported for libav. I managed to
> > > reproduce CVE-2016-98{21,22} (avconv crashes with segfault), but
> > > cherry picking the fix[0,1,2] for these issues doesn't seem to fix
> > > the problem.
> > 
> > It would help me to know which problem is CVE 21 and which is 22 so
> > that I can mark the fixing commits correctly in Git.
> 
> See https://marc.info/?l=oss-security&m=148090747301705&w=2
> 
> By the way, what about the patches I submitted here[0] ?
> [0] https://lists.debian.org/debian-lts/2016/12/msg00058.html

Unfortunately it is hard or impossible to evaluate those patches since
they have been created for/with secret samples...

Diego

Attachment: signature.asc
Description: Digital signature

Reply to:

References:
- Re: wheezy update for libav
  - From: Hugo Lefeuvre <hle@debian.org>
- Re: wheezy update for libav
  - From: "Diego Biurrun" <diego@biurrun.de>
- Re: wheezy update for libav
  - From: Hugo Lefeuvre <hle@debian.org>

Prev by Date: Re: Wheezy update of ikiwiki?
Next by Date: Re: Testing Asterisk for Wheezy LTS
Previous by thread: Re: wheezy update for libav
Next by thread: Re: wheezy update for libav
Index(es):
- Date
- Thread