
Re: CVE-2011-2160, CVE-2011-2161 and CVE-2011-2162



On Sat, Aug 6, 2011 at 3:26 PM, Reinhard Tartler wrote:
> I have uploaded 0.5.4-1 to stable-security on March 6, with the
> following changelog entry:
>
> ffmpeg (4:0.5.4-1) stable-security; urgency=low
>
>  * New upstream release. New releases fixes:
>    - Fix memory corruption in WMV parsing
>      (addresses CVE-2010-3908, LP: #690169)
>    - Fix heap corruption crashes (addresses CVE-2011-0722)
>    - Fix crashes in Vorbis decoding found by zzuf (addresses CVE-2010-4704,
>      Closes: #611495)
>    - Fix another crash in Vorbis decoding (addresses CVE-2011-0480,
>      Chrome issue 68115)
>    - Fix invalid reads in VC-1 decoding (related to CVE-2011-0723)
>    - Do not attempt to decode APE file with no frames (fixes DoS)
>  * drop fix-CVE-2010-3429.patch, applied upstream
>
>  -- Reinhard Tartler <siretart@tauware.de>  Sun, 06 Mar 2011 18:02:34 +0100
>
> Can someone from the security team please check what's the problem with
> the upload?

I just opened RT ticket #3384 about this (http://rt.debian.org), which
is how DSA preparation should be requested [0].

Best wishes,
Mike

[0] http://wiki.debian.org/rt.debian.org#Security_Team

