Re: CVE-2010-4704 is done

To: Arne Wichmann <aw@anhrefn.saar.de>
Cc: debian-security-tracker@lists.debian.org
Subject: Re: CVE-2010-4704 is done
From: Moritz Mühlenhoff <jmm@inutil.org>
Date: Sun, 17 Apr 2011 19:04:38 +0200
Message-id: <[🔎] 20110417170438.GC3264@pisco.westfalen.local>
In-reply-to: <[🔎] 20110414084324.GA10214@anhrefn.saar.de>
References: <[🔎] 20110406221153.GB17720@anhrefn.saar.de> <[🔎] 20110413182904.GA3998@pisco.westfalen.local> <[🔎] 20110414084324.GA10214@anhrefn.saar.de>

On Thu, Apr 14, 2011 at 10:43:24AM +0200, Arne Wichmann wrote:
> begin  quotation  from Moritz Mühlenhoff (in <[🔎] 20110413182904.GA3998@pisco.westfalen.local>):
> > On Thu, Apr 07, 2011 at 12:11:53AM +0200, Arne Wichmann wrote:
> > > #611495, to which the security-tracker page refers, is closed. The CVE says
> > > it applies to 0.6.1 and earlier - the version is now 0.6.2 . But the
> > > security tracker still lists ffmpeg as vulnerable. Did I miss something?
> > > 
> > > (Reply-To set as I am not on the list at the moment)
> > 
> > Lenny is still unfixed and it's a different source package (ffmpeg-debian)
> 
> Yeah, but it is listed as vulnerable for all versions but the version in
> lenny-security. In my understanding only lenny should be vulnerable.

Debian switched to the ffmpeg fork libav. I've updated the security tracker
to reflect the new source package name.

Cheers,
        Moritz

Reply to:

References:
- CVE-2010-4704 is done
  - From: Arne Wichmann <aw@anhrefn.saar.de>
- Re: CVE-2010-4704 is done
  - From: Moritz Mühlenhoff <jmm@inutil.org>
- Re: CVE-2010-4704 is done
  - From: Arne Wichmann <aw@anhrefn.saar.de>

Prev by Date: note to CVE-2011-0285
Next by Date: Re: note to CVE-2011-0285
Previous by thread: Re: CVE-2010-4704 is done
Next by thread: note to CVE-2011-0285
Index(es):
- Date
- Thread