[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#492806: libavformat52: does not handle STR file demuxing (CVE-2008-3162)

>> Package: libavformat52
>> Version: 0.svn20080206-11
>> Severity: grave
>> Tags: security
>> Justification: user security hole
>> ubuntu just updated their libavformat packages to patch a problem with
>> STR file demuxing [1].  does this problem apply to debian as well?  the
>> CVE number is CVE-2008-3162 [2].
>> [1] http://www.ubuntu.com/usn/usn-630-1
>> [2] http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3162

> Thanks for your report but this bug is a clear dupe of #489965.

ok, i appologize, i did a quick scan of bugs in libavformat, and
somehow missed this.

there has not been a DSA to fix this problem in stable.  is the
libavformat0d package vulnerable there?  and if so, why isn't the
issue being tracked [1]?

[1] http://security-tracker.debian.net/tracker/status/release/stable

Reply to: