Re: http://security-tracker.debian.net/tracker/source-package/ffmpeg

To: Reinhard Tartler <siretart@debian.org>
Cc: debian-security-tracker@lists.debian.org
Subject: Re: http://security-tracker.debian.net/tracker/source-package/ffmpeg
From: Stefan Fritsch <sf@sfritsch.de>
Date: Wed, 30 Sep 2009 23:05:23 +0200
Message-id: <[🔎] 200909302305.24191.sf@sfritsch.de>
In-reply-to: <[🔎] 87y6nx1l2n.fsf@faui44a.informatik.uni-erlangen.de>
References: <[🔎] 87y6nx1l2n.fsf@faui44a.informatik.uni-erlangen.de>

On Tuesday 29 September 2009, Reinhard Tartler wrote:
> http://security-tracker.debian.net/tracker/source-package/ffmpeg
>  claims the following CVE reports to affect ffmpeg in unstable

Thanks for notifying us. This was due to the source package rename. I 
hope I have fixed it in svn. The tracker will update soon.

> As for security status, google found some issues in ffmpeg as part
>  of their chrome project. This is documented at
> https://roundup.ffmpeg.org/roundup/ffmpeg/issue1240. The main
>  problem here is that the submitter refused to file seperate
>  issues, but prefered to send in a bulk of 73 (!) files.
> 
> Linked from there is issue1245, for which I think I've extracted a
> patch. I'd like to experiment with it a bit more to ensure that it
>  is actually valid. For other issues, well, they still need more
>  investigation :-(

That looks ugly. Please keep the security team informed about your 
findings.

Cheers,
Stefan

Reply to:

References:
- http://security-tracker.debian.net/tracker/source-package/ffmpeg
  - From: Reinhard Tartler <siretart@debian.org>

Prev by Date: http://security-tracker.debian.net/tracker/source-package/ffmpeg
Previous by thread: http://security-tracker.debian.net/tracker/source-package/ffmpeg
Index(es):
- Date
- Thread