[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#492806: libavformat52: does not handle STR file demuxing (CVE-2008-3162)



Hi Michael,
* Michael Gilbert <michael.s.gilbert@gmail.com> [2008-07-30 09:03]:
[...] 
> >> ubuntu just updated their libavformat packages to patch a problem with
> >> STR file demuxing [1].  does this problem apply to debian as well?  the
> >> CVE number is CVE-2008-3162 [2].
> >>
> >> [1] http://www.ubuntu.com/usn/usn-630-1
> >> [2] http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3162
> 
> > Thanks for your report but this bug is a clear dupe of #489965.
> 
> ok, i appologize, i did a quick scan of bugs in libavformat, and
> somehow missed this.
> 
> there has not been a DSA to fix this problem in stable.  is the
> libavformat0d package vulnerable there?  and if so, why isn't the
> issue being tracked [1]?

Because we tracked this for ffmpeg-debian so far which is 
not part of stable as the source package was renamed.
Added ffmpeg to this tracker entry as well so it show up on 
the website soon.

Cheers
Nico
-- 
Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.

Attachment: pgpPCxbXNuO5o.pgp
Description: PGP signature


Reply to: