On Fri, Jan 4, 2013 at 2:07 PM, Arne Wichmann <a...@anhrefn.saar.de> wrote:
> begin quotation from Reinhard Tartler (in
> <caj0ccebl3xsmm+swok3ocfxsore9nq-yyy7r8_4zyazjt5m...@mail.gmail.com>):
>> Thanks for caring about security in libav. Sorry for the delay. I
>> tried hard to gather additional information about these issues, but
>> was not successful.
>
> Yeah, the information politics of the reporters could be more open.
>
>> On Mon, Nov 26, 2012 at 8:30 PM, Arne Wichmann <a...@linux.de> wrote:
>>
>> > I have here another series of CVEs for ffmpeg/libav:
>> >
>> > CVE-2012-2882
>>
>> Libav's ogg decoder is a bit different to the one in FFmpeg. Can you
>> please provide a testfile so that we can test if this issue affects
>> Libav at all?
>
> I dug around for a bit and found commit
> 9e1c55cfdec1e1e46fa39b92ea5c425ba9499c68 for ffmpeg, which seems to address
> the issue. More effort will follow when I find the reserves for that.
We in libav are discussing that patch since a couple of days, but do
not think that this patch helps. Unfortunately, we do not have a
sample to for this either.
--
regards,
Reinhard
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
