Hi Michael, * Michael Gilbert <michael.s.gilbert@gmail.com> [2008-07-30 09:03]: [...] > >> ubuntu just updated their libavformat packages to patch a problem with > >> STR file demuxing [1]. does this problem apply to debian as well? the > >> CVE number is CVE-2008-3162 [2]. > >> > >> [1] http://www.ubuntu.com/usn/usn-630-1 > >> [2] http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3162 > > > Thanks for your report but this bug is a clear dupe of #489965. > > ok, i appologize, i did a quick scan of bugs in libavformat, and > somehow missed this. > > there has not been a DSA to fix this problem in stable. is the > libavformat0d package vulnerable there? and if so, why isn't the > issue being tracked [1]? Because we tracked this for ffmpeg-debian so far which is not part of stable as the source package was renamed. Added ffmpeg to this tracker entry as well so it show up on the website soon. Cheers Nico -- Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted.
Attachment:
pgpyTkootGiGh.pgp
Description: PGP signature