Re: CVE-2011-2160, CVE-2011-2161 and CVE-2011-2162
On Sat, Aug 6, 2011 at 3:26 PM, Reinhard Tartler wrote:
> I have uploaded 0.5.4-1 to stable-security on March 6, with the
> following changelog entry:
>
> ffmpeg (4:0.5.4-1) stable-security; urgency=low
>
> * New upstream release. New releases fixes:
> - Fix memory corruption in WMV parsing
> (addresses CVE-2010-3908, LP: #690169)
> - Fix heap corruption crashes (addresses CVE-2011-0722)
> - Fix crashes in Vorbis decoding found by zzuf (addresses CVE-2010-4704,
> Closes: #611495)
> - Fix another crash in Vorbis decoding (addresses CVE-2011-0480,
> Chrome issue 68115)
> - Fix invalid reads in VC-1 decoding (related to CVE-2011-0723)
> - Do not attempt to decode APE file with no frames (fixes DoS)
> * drop fix-CVE-2010-3429.patch, applied upstream
>
> -- Reinhard Tartler <siretart@tauware.de> Sun, 06 Mar 2011 18:02:34 +0100
>
> Can someone from the security team please check what's the problem with
> the upload?
I just opened RT ticket #3384 about this (http://rt.debian.org), which
is how DSA preparation should be requested [0].

Best wishes,
Mike

[0] http://wiki.debian.org/rt.debian.org#Security_Team