Re: CVE-2011-2160, CVE-2011-2161 and CVE-2011-2162
On Fr, Jul 29, 2011 at 12:16:13 (CEST), Moritz Mühlenhoff wrote:
> On Mon, Jun 27, 2011 at 03:58:28PM +0200, Laurent Bonnaud wrote:
>> I am looking at those 3 security issues:
>> that are marked as not fixed in Debian. However, when reading bug
>> #628448, Reinhard Tartler, maintainer of the package, says those bugs
>> are fixed in sid:
>> > With this research, I couldn't find any issue that was not already fixed
>> > in a point release or another, so unstable is fixed TTBOMK.
>> and therefore in wheezy. So could someone please update the pages in
>> the Debian security tracker ?
> Which version of ffmpeg fixed it?
Currently, the security tracker lists the following issues for libav:
allows remote attackers to cause a denial of service (memory corruption
and application crash) or possibly execute arbitrary code via a
malformed WMV file.
Fixed in 0.5.4
Real Media decoder bug, fixed in 0.5.4
VC-1 decoder bug, fixed in 0.5.4
oggdec, heap corruption bug.
fixed in 0.7.1 but the patch does not apply 0.5, and I failed to reproduce. If
someone can, please get in touch with me.
ffmpeg-mt specific bug with mp4 files, Unreproducible with libav:
extremly vague, no useful references given
APE decoder bug, fixed in 0.5.4
description on mitre is way too vague, the referenced madriva source
package does not contain any relevant patch to this issue.
All issues above are fixed in the 0.6 and 0.7 based packages in debian
unstable and experimental.
I have uploaded 0.5.4-1 to stable-security on March 6, with the
following changelog entry:
ffmpeg (4:0.5.4-1) stable-security; urgency=low
* New upstream release. New releases fixes:
- Fix memory corruption in WMV parsing
(addresses CVE-2010-3908, LP: #690169)
- Fix heap corruption crashes (addresses CVE-2011-0722)
- Fix crashes in Vorbis decoding found by zzuf (addresses CVE-2010-4704,
- Fix another crash in Vorbis decoding (addresses CVE-2011-0480,
Chrome issue 68115)
- Fix invalid reads in VC-1 decoding (related to CVE-2011-0723)
- Do not attempt to decode APE file with no frames (fixes DoS)
* drop fix-CVE-2010-3429.patch, applied upstream
-- Reinhard Tartler <firstname.lastname@example.org> Sun, 06 Mar 2011 18:02:34 +0100
Can someone from the security team please check what's the problem with
Reinhard Tartler, KeyID 945348A4