Re: CVE-2010-4704 is done
On Thu, Apr 14, 2011 at 10:43:24AM +0200, Arne Wichmann wrote:
> begin quotation from Moritz Mühlenhoff (in <[🔎] 20110413182904.GA3998@pisco.westfalen.local>):
> > On Thu, Apr 07, 2011 at 12:11:53AM +0200, Arne Wichmann wrote:
> > > #611495, to which the security-tracker page refers, is closed. The CVE says
> > > it applies to 0.6.1 and earlier - the version is now 0.6.2 . But the
> > > security tracker still lists ffmpeg as vulnerable. Did I miss something?
> > >
> > > (Reply-To set as I am not on the list at the moment)
> >
> > Lenny is still unfixed and it's a different source package (ffmpeg-debian)
>
> Yeah, but it is listed as vulnerable for all versions but the version in
> lenny-security. In my understanding only lenny should be vulnerable.
Debian switched to the ffmpeg fork libav. I've updated the security tracker
to reflect the new source package name.
Cheers,
Moritz
Reply to: