Re: CVE-2011-2160, CVE-2011-2161 and CVE-2011-2162
On Fri, Jul 29, 2011 at 12:16:13 (CEST), Moritz Mühlenhoff wrote:
> On Mon, Jun 27, 2011 at 03:58:28PM +0200, Laurent Bonnaud wrote:
>> Hi,
>>
>> I am looking at those 3 security issues:
>>
>> http://security-tracker.debian.org/tracker/CVE-2011-2160
>> http://security-tracker.debian.org/tracker/CVE-2011-2161
>> http://security-tracker.debian.org/tracker/CVE-2011-2162
>>
>> that are marked as not fixed in Debian. However, when reading bug
>> #628448, Reinhard Tartler, maintainer of the package, says those bugs
>> are fixed in sid:
>>
>> > With this research, I couldn't find any issue that was not already fixed
>> > in a point release or another, so unstable is fixed TTBOMK.
>>
>> and therefore in wheezy. So could someone please update the pages in
>> the Debian security tracker?
>
> Which version of ffmpeg fixed it?

Currently, the security tracker lists the following issues for libav:

CVE-2010-3908
    Allows remote attackers to cause a denial of service (memory corruption
    and application crash) or possibly execute arbitrary code via a
    malformed WMV file.
    Fixed in 0.5.4.

CVE-2011-0722
    Real Media decoder bug, fixed in 0.5.4.

CVE-2011-0723
    VC-1 decoder bug, fixed in 0.5.4.

CVE-2011-1196
    oggdec, heap corruption bug.
    Fixed in 0.7.1, but the patch does not apply to 0.5, and I failed to
    reproduce it. If someone can, please get in touch with me.

CVE-2011-1198
    ffmpeg-mt specific bug with mp4 files, unreproducible with libav:
    http://thread.gmane.org/gmane.comp.video.libav.devel/8507

CVE-2011-2160
    Extremely vague, no useful references given.

CVE-2011-2161
    APE decoder bug, fixed in 0.5.4.

CVE-2011-2162
    Description on MITRE is way too vague; the referenced Mandriva source
    package does not contain any relevant patch for this issue.

All issues above are fixed in the 0.6 and 0.7 based packages in Debian
unstable and experimental.

I have uploaded 0.5.4-1 to stable-security on March 6, with the
following changelog entry:

    ffmpeg (4:0.5.4-1) stable-security; urgency=low

      * New upstream release. New releases fixes:
        - Fix memory corruption in WMV parsing
          (addresses CVE-2010-3908, LP: #690169)
        - Fix heap corruption crashes (addresses CVE-2011-0722)
        - Fix crashes in Vorbis decoding found by zzuf (addresses CVE-2010-4704,
          Closes: #611495)
        - Fix another crash in Vorbis decoding (addresses CVE-2011-0480,
          Chrome issue 68115)
        - Fix invalid reads in VC-1 decoding (related to CVE-2011-0723)
        - Do not attempt to decode APE file with no frames (fixes DoS)
      * drop fix-CVE-2010-3429.patch, applied upstream

     -- Reinhard Tartler <siretart@tauware.de>  Sun, 06 Mar 2011 18:02:34 +0100

Can someone from the security team please check what's the problem with
the upload?

--
Gruesse/greetings,
Reinhard Tartler, KeyID 945348A4