[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#492806: libavformat52: does not handle STR file demuxing (CVE-2008-3162)

found 492806 0.cvs20060823-8

"Michael Gilbert" <michael.s.gilbert@gmail.com> writes:

> ok, i appologize, i did a quick scan of bugs in libavformat, and
> somehow missed this.

No Problem. Better safe than sorry.

> there has not been a DSA to fix this problem in stable.  is the
> libavformat0d package vulnerable there?  and if so, why isn't the
> issue being tracked [1]?

By just briefly looking at the source, it seems to me that the version
in stable is vulnerable as well. The patch found in the unstable package
needs some additional handwork but should more or less apply in the same

I'm sorry to say that I'll be rather busy this week, so I cannot promise
to prepare an updated package. In case I do, I'll followup in this

Reinhard Tartler, KeyID 945348A4

Reply to: