Re: http://security-tracker.debian.net/tracker/source-package/ffmpeg
On Tuesday 29 September 2009, Reinhard Tartler wrote:
> http://security-tracker.debian.net/tracker/source-package/ffmpeg
> claims the following CVE reports to affect ffmpeg in unstable
Thanks for notifying us. This was due to the source package rename. I
hope I have fixed it in svn. The tracker will update soon.
> As for security status, google found some issues in ffmpeg as part
> of their chrome project. This is documented at
> https://roundup.ffmpeg.org/roundup/ffmpeg/issue1240. The main
> problem here is that the submitter refused to file seperate
> issues, but prefered to send in a bulk of 73 (!) files.
>
> Linked from there is issue1245, for which I think I've extracted a
> patch. I'd like to experiment with it a bit more to ensure that it
> is actually valid. For other issues, well, they still need more
> investigation :-(
That looks ugly. Please keep the security team informed about your
findings.
Cheers,
Stefan
Reply to: