Your message dated Thu, 15 Dec 2005 14:02:45 -0800
with message-id <[EMAIL PROTECTED]>
and subject line Bug#343503: fixed in gst-ffmpeg 0.8.7-5
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--------------------------------------
Received: (at submit) by bugs.debian.org; 15 Dec 2005 18:37:32 +0000
>From [EMAIL PROTECTED] Thu Dec 15 10:37:32 2005
Return-path: <[EMAIL PROTECTED]>
Received: from mail.enyo.de ([212.9.189.167])
by spohr.debian.org with esmtp (Exim 4.50)
id 1Emxyu-0004VZ-5F
for [EMAIL PROTECTED]; Thu, 15 Dec 2005 10:37:32 -0800
Received: from deneb.vpn.enyo.de ([212.9.189.177] helo=deneb.enyo.de)
by mail.enyo.de with esmtp id 1Emxys-0001nV-Tc
for [EMAIL PROTECTED]; Thu, 15 Dec 2005 19:37:30 +0100
Received: from fw by deneb.enyo.de with local (Exim 4.54)
id 1Emxys-0006yK-11
for [EMAIL PROTECTED]; Thu, 15 Dec 2005 19:37:30 +0100
From: Florian Weimer <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: [CVE-2005-4048] avcodec_default_get_buffer heap overflow
Date: Thu, 15 Dec 2005 19:37:30 +0100
Message-ID: <[EMAIL PROTECTED]>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level:
X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE
autolearn=no version=2.60-bugs.debian.org_2005_01_02
Package: gst-ffmpeg
Tags: security
Severity: grave
The package embeds a local copy of libavcodec, which is vulnerable to
CVE-2005-4048:
http://article.gmane.org/gmane.comp.video.ffmpeg.devel/26558
http://mplayerhq.hu/pipermail/ffmpeg-cvslog/2005-December/000979.html
Please check if it is necessary to apply the patch to gst-ffmpeg as
well.
---------------------------------------
Received: (at 343503-close) by bugs.debian.org; 15 Dec 2005 22:12:14 +0000
>From [EMAIL PROTECTED] Thu Dec 15 14:12:14 2005
Return-path: <[EMAIL PROTECTED]>
Received: from katie by spohr.debian.org with local (Exim 4.50)
id 1En1BV-0007Hd-1x; Thu, 15 Dec 2005 14:02:45 -0800
From: Loic Minier <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
X-Katie: $Revision: 1.60 $
Subject: Bug#343503: fixed in gst-ffmpeg 0.8.7-5
Message-Id: <[EMAIL PROTECTED]>
Sender: Archive Administrator <[EMAIL PROTECTED]>
Date: Thu, 15 Dec 2005 14:02:45 -0800
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level:
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER
autolearn=no version=2.60-bugs.debian.org_2005_01_02
Source: gst-ffmpeg
Source-Version: 0.8.7-5
We believe that the bug you reported is fixed in the latest version of
gst-ffmpeg, which is due to be installed in the Debian FTP archive:
gst-ffmpeg_0.8.7-5.diff.gz
to pool/main/g/gst-ffmpeg/gst-ffmpeg_0.8.7-5.diff.gz
gst-ffmpeg_0.8.7-5.dsc
to pool/main/g/gst-ffmpeg/gst-ffmpeg_0.8.7-5.dsc
gstreamer0.8-ffmpeg_0.8.7-5_i386.deb
to pool/main/g/gst-ffmpeg/gstreamer0.8-ffmpeg_0.8.7-5_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Loic Minier <[EMAIL PROTECTED]> (supplier of updated gst-ffmpeg package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Thu, 15 Dec 2005 20:44:36 +0100
Source: gst-ffmpeg
Binary: gstreamer0.8-ffmpeg
Architecture: source i386
Version: 0.8.7-5
Distribution: unstable
Urgency: low
Maintainer: Loic Minier <[EMAIL PROTECTED]>
Changed-By: Loic Minier <[EMAIL PROTECTED]>
Description:
gstreamer0.8-ffmpeg - FFmpeg plugin for GStreamer
Closes: 343503
Changes:
gst-ffmpeg (0.8.7-5) unstable; urgency=low
.
* SECURITY: New patch from ffmpeg's CVS to address a heap overflow in
avcodec_default_get_buffer identified as CVE-2005-4048. (Closes: #343503)
[debian/patches/32_CVE-2005-4048_avcodec-default-get-buffer-heap-overflow.patch]
Files:
d24957e15af7de119559a1705778b863 864 libs optional gst-ffmpeg_0.8.7-5.dsc
b948585d52f2925c316a7bd0c53a273e 4766 libs optional gst-ffmpeg_0.8.7-5.diff.gz
7ce9642ececaf3a00e0b67cdf1d9330c 2030940 libs optional
gstreamer0.8-ffmpeg_0.8.7-5_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
iD8DBQFDock14VUX8isJIMARAtY4AJ9Ahs2026YzULITl87+48eXZAfw9ACfYjTe
iYL0DaPohH42/F/pcp908Qk=
=8hPJ
-----END PGP SIGNATURE-----
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
