Re: [PATCH 3/4] link proposed patches for libav CVE-2012-2882, CVE-2012-2797 and CVE-2012-2774

To: Reinhard Tartler <siretart@gmail.com>
Cc: debian-security-tracker@lists.debian.org
Subject: Re: [PATCH 3/4] link proposed patches for libav CVE-2012-2882, CVE-2012-2797 and CVE-2012-2774
From: Moritz Muehlenhoff <jmm@inutil.org>
Date: Fri, 4 Jan 2013 11:27:14 +0100
Message-id: <[🔎] 20130104102714.GD22177@inutil.org>
In-reply-to: <[🔎] CAJ0cceba3y7iCcbJwO8ULKTcnY3yXU__iK2gE5oSvxuLGuMHpw@mail.gmail.com>
References: <[🔎] 1357255157-15913-1-git-send-email-siretart@tauware.de> <[🔎] 1357255157-15913-4-git-send-email-siretart@tauware.de> <[🔎] CAJ0cceba3y7iCcbJwO8ULKTcnY3yXU__iK2gE5oSvxuLGuMHpw@mail.gmail.com>

On Fri, Jan 04, 2013 at 07:04:47AM +0100, Reinhard Tartler wrote:
> On Fri, Jan 4, 2013 at 12:19 AM, Reinhard Tartler <siretart@tauware.de> wrote:
> > ---
> >  CVE/list |    4 ++++
> >  1 file changed, 4 insertions(+)
> >
> > diff --git a/CVE/list b/CVE/list
> > index 44dabb2..106a5c4 100644
> > --- a/CVE/list
> > +++ b/CVE/list
> > @@ -10805,6 +10805,7 @@ CVE-2012-2882 (FFmpeg, as used in Google Chrome before 22.0.1229.79, does not ..
> >         - libav <unfixed> (bug #694483)
> >         - ffmpeg <removed>
> >         NOTE: https://chromiumcodereview.appspot.com/10829204
> > +       NOTE: proposed patch for libav: http://patches.libav.org/patch/32636/
> >  CVE-2012-2881 (Google Chrome before 22.0.1229.79 does not properly handle plug-ins, ...)
> >         - chromium-browser 22.0.1229.94~r161065-1
> >  CVE-2012-2880 (Race condition in Google Chrome before 22.0.1229.79 allows remote ...)
> > @@ -11043,6 +11044,7 @@ CVE-2012-2798 (Unspecified vulnerability in the decode_dds1 function in ...)
> >  CVE-2012-2797 (Unspecified vulnerability in the decode_frame_mp3on4 function in ...)
> >         [squeeze] - ffmpeg <unfixed> (bug #688849)
> >         - libav <unfixed> (bug #688847)
> > +       NOTE: patch proposed: http://patches.libav.org/patch/32642/
> Based on Justins review, the libav <unfixed> should be <unspecified>
> until someone can come up with a sample.
> 
> >  CVE-2012-2796 (Unspecified vulnerability in the vc1_decode_frame function in ...)
> >         [squeeze] - ffmpeg <unfixed> (bug #688849)
> >         - libav 6:0.8.4-1 (bug #688847)
> > @@ -11108,6 +11110,8 @@ CVE-2012-2775 (Unspecified vulnerability in the read_var_block_data function in
> >  CVE-2012-2774 (The ff_MPV_frame_start function in libavcodec/mpegvideo.c in FFmpeg ...)
> >         [squeeze] - ffmpeg <unfixed> (bug #688849)
> >         - libav <unfixed> (bug #688847)
> > +       NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=59a4b73531428d2f420b4dad545172c8483ced0f
> > +       NOTE: patch proposed: http://patches.libav.org/patch/32644/
> Based on Ronald's review, the libav <unfixed> should be <unspecified>
> until someone can come up with a sample
> 
> Do you want me to resent an updated patch, or can you change this
> while applying?

Fixed up during application. Can you contact the Google for the reproducer?

Cheers,
        Moritz

Reply to:

Follow-Ups:
- Re: [PATCH 3/4] link proposed patches for libav CVE-2012-2882, CVE-2012-2797 and CVE-2012-2774
  - From: Reinhard Tartler <siretart@gmail.com>

References:
- Comments on current open Libav issues
  - From: Reinhard Tartler <siretart@tauware.de>
- [PATCH 3/4] link proposed patches for libav CVE-2012-2882, CVE-2012-2797 and CVE-2012-2774
  - From: Reinhard Tartler <siretart@tauware.de>
- Re: [PATCH 3/4] link proposed patches for libav CVE-2012-2882, CVE-2012-2797 and CVE-2012-2774
  - From: Reinhard Tartler <siretart@gmail.com>

Prev by Date: Re: [PATCH 3/4] link proposed patches for libav CVE-2012-2882, CVE-2012-2797 and CVE-2012-2774
Next by Date: Re: [PATCH 3/4] link proposed patches for libav CVE-2012-2882, CVE-2012-2797 and CVE-2012-2774
Previous by thread: Re: [PATCH 3/4] link proposed patches for libav CVE-2012-2882, CVE-2012-2797 and CVE-2012-2774
Next by thread: Re: [PATCH 3/4] link proposed patches for libav CVE-2012-2882, CVE-2012-2797 and CVE-2012-2774
Index(es):
- Date
- Thread