On Fri, Jan 06, 2017 at 11:32:49AM +0100, Hugo Lefeuvre wrote:
>
> I've had a look at the new CVEs reported for libav. I managed to
> reproduce CVE-2016-98{21,22} (avconv crashes with segfault), but
> cherry picking the fix[0,1,2] for these issues doesn't seem to fix
> the problem.You were missing a commit to backport for CVE-2016-9821. I'll push the fixes to the 0.8 branch tomorrow. The upstream 11 branch (the one you ship in Jessie) already has the appropriate fixes and does not crash. Diego
signature.asc
Description: Digital signature
