Your message dated Mon, 26 Sep 2011 21:17:52 +0000
with message-id <e1r8iyi-0001il...@franck.debian.org>
and subject line Bug#641478: fixed in libav 4:0.7.1-7
has caused the Debian Bug report #641478,
regarding libavcodec insufficient boundary check in CAVS decoding
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
641478: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=641478
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: libav
Severity: important
The following was reported by oCERT:
http://www.ocert.org/advisories/ocert-2011-002.html
A CVE ID is not yet available, I will be requesting one. This is unfixed
in libav from sid. The ffmpeg fix can be found here:
http://git.videolan.org/?p=ffmpeg.git;a=commit;h=c5cbda50793e311aa73489d12184ffd6761c9fbf
Cheers,
Moritz
--- End Message ---
--- Begin Message ---
Source: libav
Source-Version: 4:0.7.1-7
We believe that the bug you reported is fixed in the latest version of
libav, which is due to be installed in the Debian FTP archive:
ffmpeg-dbg_0.7.1-7_amd64.deb
to main/liba/libav/ffmpeg-dbg_0.7.1-7_amd64.deb
ffmpeg-doc_0.7.1-7_all.deb
to main/liba/libav/ffmpeg-doc_0.7.1-7_all.deb
ffmpeg_0.7.1-7_amd64.deb
to main/liba/libav/ffmpeg_0.7.1-7_amd64.deb
libav-dbg_0.7.1-7_amd64.deb
to main/liba/libav/libav-dbg_0.7.1-7_amd64.deb
libav-doc_0.7.1-7_all.deb
to main/liba/libav/libav-doc_0.7.1-7_all.deb
libav-source_0.7.1-7_all.deb
to main/liba/libav/libav-source_0.7.1-7_all.deb
libav_0.7.1-7.debian.tar.gz
to main/liba/libav/libav_0.7.1-7.debian.tar.gz
libav_0.7.1-7.dsc
to main/liba/libav/libav_0.7.1-7.dsc
libavcodec-dev_0.7.1-7_amd64.deb
to main/liba/libav/libavcodec-dev_0.7.1-7_amd64.deb
libavcodec53_0.7.1-7_amd64.deb
to main/liba/libav/libavcodec53_0.7.1-7_amd64.deb
libavdevice-dev_0.7.1-7_amd64.deb
to main/liba/libav/libavdevice-dev_0.7.1-7_amd64.deb
libavdevice53_0.7.1-7_amd64.deb
to main/liba/libav/libavdevice53_0.7.1-7_amd64.deb
libavfilter-dev_0.7.1-7_amd64.deb
to main/liba/libav/libavfilter-dev_0.7.1-7_amd64.deb
libavfilter2_0.7.1-7_amd64.deb
to main/liba/libav/libavfilter2_0.7.1-7_amd64.deb
libavformat-dev_0.7.1-7_amd64.deb
to main/liba/libav/libavformat-dev_0.7.1-7_amd64.deb
libavformat53_0.7.1-7_amd64.deb
to main/liba/libav/libavformat53_0.7.1-7_amd64.deb
libavutil-dev_0.7.1-7_amd64.deb
to main/liba/libav/libavutil-dev_0.7.1-7_amd64.deb
libavutil51_0.7.1-7_amd64.deb
to main/liba/libav/libavutil51_0.7.1-7_amd64.deb
libpostproc-dev_0.7.1-7_amd64.deb
to main/liba/libav/libpostproc-dev_0.7.1-7_amd64.deb
libpostproc52_0.7.1-7_amd64.deb
to main/liba/libav/libpostproc52_0.7.1-7_amd64.deb
libswscale-dev_0.7.1-7_amd64.deb
to main/liba/libav/libswscale-dev_0.7.1-7_amd64.deb
libswscale2_0.7.1-7_amd64.deb
to main/liba/libav/libswscale2_0.7.1-7_amd64.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 641...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Reinhard Tartler <siret...@tauware.de> (supplier of updated libav package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Mon, 26 Sep 2011 22:24:47 +0200
Source: libav
Binary: ffmpeg ffmpeg-dbg libav-dbg libav-source ffmpeg-doc libav-doc
libavutil51 libavcodec53 libavdevice53 libavformat53 libavfilter2 libpostproc52
libswscale2 libavutil-dev libavcodec-dev libavdevice-dev libavformat-dev
libavfilter-dev libpostproc-dev libswscale-dev
Architecture: source amd64 all
Version: 4:0.7.1-7
Distribution: unstable
Urgency: medium
Maintainer: Reinhard Tartler <siret...@debian.org>
Changed-By: Reinhard Tartler <siret...@tauware.de>
Description:
ffmpeg - Multimedia player, server, encoder and transcoder
ffmpeg-dbg - Debug symbols for Libav related packages
ffmpeg-doc - Documentation of the Libav API (transitional package)
libav-dbg - Debug symbols for Libav related packages
libav-doc - Documentation of the Libav API
libav-source - Patched Libav sources
libavcodec-dev - Development files for libavcodec
libavcodec53 - Libav codec library
libavdevice-dev - Development files for libavdevice
libavdevice53 - Libav device handling library
libavfilter-dev - Development files for libavfilter
libavfilter2 - Libav video filtering library
libavformat-dev - Development files for libavformat
libavformat53 - Libav file format library
libavutil-dev - Development files for libavutil
libavutil51 - Libav utility library
libpostproc-dev - Development files for libpostproc
libpostproc52 - Libav video postprocessing library
libswscale-dev - Development files for libswscale
libswscale2 - Libav video scaling library
Closes: 641478
Changes:
libav (4:0.7.1-7) unstable; urgency=medium
.
* Add 63 (!) additional post 0.7.1 patches
- all scheduled for next upstream point release
- Fix missing CAVS boundary checks, Closes: #641478, Fixes: CVE-2011-3362
* Medium urgency for fixing a security issue
* Drop debian/patches/03-fix-movrel.patch, better patch upstream
* prefer libtiff4 over libtiff5 for now
Checksums-Sha1:
d84f60ac345ba34ad5878700465195e7986210e7 2992 libav_0.7.1-7.dsc
71de6fb206908c03443b55e9c10b767a9f99b543 77239 libav_0.7.1-7.debian.tar.gz
c878cb8e8ef8ae28f5caeadda44733a511fe02b7 444934 ffmpeg_0.7.1-7_amd64.deb
6c8dcff269ffad1c0a3abf542c70c8eeb1aaa485 37822 ffmpeg-dbg_0.7.1-7_amd64.deb
e75f7fe434f4eb71ccc3843b26af7eb3734898e4 9467356 libav-dbg_0.7.1-7_amd64.deb
d62bb4abfa8c079cb21ee37ebc43fb9101fb4c30 25591416 libav-source_0.7.1-7_all.deb
b4bf60e0fc725a83cf93d5cb208d3f8613a4239f 37788 ffmpeg-doc_0.7.1-7_all.deb
5a8c2c01c11ccf627e0e78f652086c62c0110331 20190266 libav-doc_0.7.1-7_all.deb
d6be78fc3b970b783c8ee76c56ffdf07e4911b69 92260 libavutil51_0.7.1-7_amd64.deb
51fbb140da799559ba76399e31d2beac4196ea79 2712564 libavcodec53_0.7.1-7_amd64.deb
68bd3c44bf327f0804f02045c206db831b37b7cf 60708 libavdevice53_0.7.1-7_amd64.deb
26c9a61b00090a6fc58b8896a92ce40bc421f966 495290 libavformat53_0.7.1-7_amd64.deb
4fe27908101535722d460dcba2a459b853be412e 94088 libavfilter2_0.7.1-7_amd64.deb
cfe7c4630bd9120a18ca59526d069a75c4c42e39 99402 libpostproc52_0.7.1-7_amd64.deb
3d8a8ea1a8f49ba926eca749c5172d6a9d631291 120740 libswscale2_0.7.1-7_amd64.deb
824c6c750fec3b358b2d0015cc35e520ed99e690 135274 libavutil-dev_0.7.1-7_amd64.deb
328024f24d5ac293c6c958ac3c873522bd67bbac 3146276
libavcodec-dev_0.7.1-7_amd64.deb
4ce55e890c148397a31f741963dcc7bc8a4f41ff 62506
libavdevice-dev_0.7.1-7_amd64.deb
0b076088359423f109cbae3f295ba92137f04428 652040
libavformat-dev_0.7.1-7_amd64.deb
a34208d41013ddb8e6970a1ebbaf7768929fad82 118864
libavfilter-dev_0.7.1-7_amd64.deb
562e9db87f5b1b2b311b5f7ca83fece637d21be3 100016
libpostproc-dev_0.7.1-7_amd64.deb
a75da6fed713356b04554b4d40a6a6aaff92da58 137234
libswscale-dev_0.7.1-7_amd64.deb
Checksums-Sha256:
357cca5db34629734f1bb636b9370e89f8399334fc0061f3387a647ef6fe62a0 2992
libav_0.7.1-7.dsc
1923dbaeb070a4c079e4b5a3e145daa3032418f08bf8d4a701841effda64206a 77239
libav_0.7.1-7.debian.tar.gz
3f96d80cbff994d3b7b1e5d866ef4ba8bcc2074e6a510fec3b0fbeebc7929c11 444934
ffmpeg_0.7.1-7_amd64.deb
514f358cc0b4c9179621ed8f2e19d96aa7b5dbf831612d4011893c34bbfa4d0d 37822
ffmpeg-dbg_0.7.1-7_amd64.deb
e0a962b7fae1187e09b7a8ca638257c94d24bced9336d0addc6c866e43afd570 9467356
libav-dbg_0.7.1-7_amd64.deb
864f344f1e37c3f83a06408a7ad79b70afed24a6f9ccf11252a1aad1b490922f 25591416
libav-source_0.7.1-7_all.deb
645cad9c62f64c5de07924b267f76e539a5671a7823ac2a05ffe5b798b421b76 37788
ffmpeg-doc_0.7.1-7_all.deb
3f43897c1f275b1f929f57bf89353da46dfdb52baa833dcc869e88039094879b 20190266
libav-doc_0.7.1-7_all.deb
724d0da6607d1490a6cabee9517bcf0235c73a134d0b84ce99b7d7b88a010ea5 92260
libavutil51_0.7.1-7_amd64.deb
90db9f86f1cb562caf423ce74dff5a2fd6fff553ee7b30a31e472bc6a96f68f5 2712564
libavcodec53_0.7.1-7_amd64.deb
12c86908dcca342ef6a4907c5580f2bf1558c13507e4702a35101f3a06694d72 60708
libavdevice53_0.7.1-7_amd64.deb
632f8167d22ccbfa8cf28aba0bb2c5bd06a5cf233ca50a63a89eddc232790369 495290
libavformat53_0.7.1-7_amd64.deb
8d2f172e4cb63145ab332cd85fdcbcb7b2cbcb8a8885f34ca81d2fb5fc72ba27 94088
libavfilter2_0.7.1-7_amd64.deb
f9cdb0281bcb127c7e31bf287413ca4855497f8374a6426ca4de58b98107d22c 99402
libpostproc52_0.7.1-7_amd64.deb
8a1c4a3559201d5c36beb9ec9f7ef0161b597b41b7eac91e2765c2089948806d 120740
libswscale2_0.7.1-7_amd64.deb
a828d0349329519a968f53c9e62d3eaf9e9a1a1b6b2350c7f062dfbfdfb387af 135274
libavutil-dev_0.7.1-7_amd64.deb
0360587b2018e589b165849db71356a08494794397ba6cbed3965e865b2b616b 3146276
libavcodec-dev_0.7.1-7_amd64.deb
6ea0a5a8d3c0eb41d570105883ecb01801620878b9d55142388c7ec1419bfdcd 62506
libavdevice-dev_0.7.1-7_amd64.deb
1b089448abfe1bc1cca346fb45d905297525908a61efe999d3523ebbe812a0e6 652040
libavformat-dev_0.7.1-7_amd64.deb
80df8f5575fddd9948072d5ec0d1dec8da6566eba4fbf81c99d75fc2ab265038 118864
libavfilter-dev_0.7.1-7_amd64.deb
8bc39c1b61c0b6b1ae02ccd74407bf6fd87945e8789099d17aa39257dfad25ae 100016
libpostproc-dev_0.7.1-7_amd64.deb
4630c7b99e24b638955c4d91a6469c2378be2600f7805834aea66876929adccd 137234
libswscale-dev_0.7.1-7_amd64.deb
Files:
ce457a77d31c33066524495927ad54c2 2992 libs optional libav_0.7.1-7.dsc
4be215a8d0b1e197ca23ec8c87e4b178 77239 libs optional
libav_0.7.1-7.debian.tar.gz
9a9c91069a6e7b632f00ea1d51c194be 444934 video optional ffmpeg_0.7.1-7_amd64.deb
f53189405a36c3525b863d9ab26f939f 37822 debug extra ffmpeg-dbg_0.7.1-7_amd64.deb
101f1aceae20619a5e56fdb094cb8f23 9467356 debug extra
libav-dbg_0.7.1-7_amd64.deb
a94e8e91fcb48183fceb81f702413d19 25591416 devel optional
libav-source_0.7.1-7_all.deb
2188a3e8946f0f26726de3acf5703664 37788 doc optional ffmpeg-doc_0.7.1-7_all.deb
ca4c7a50ab7759b82a8d86dd2f7e8d2b 20190266 doc optional
libav-doc_0.7.1-7_all.deb
a7b5bd5e267bd9a6664df95a952319ff 92260 libs optional
libavutil51_0.7.1-7_amd64.deb
1cac3d789036363f53708d706a733b69 2712564 libs optional
libavcodec53_0.7.1-7_amd64.deb
1b3988d97f451a4f5bc50885308c0767 60708 libs optional
libavdevice53_0.7.1-7_amd64.deb
1ddf870111521bda447dce4c0502533b 495290 libs optional
libavformat53_0.7.1-7_amd64.deb
ce264ea6e1a3bbf994088e4ecba8ee3c 94088 libs optional
libavfilter2_0.7.1-7_amd64.deb
6e60fa5bbba9c59594f9d7dbc163b604 99402 libs optional
libpostproc52_0.7.1-7_amd64.deb
2270800b11d672189d85acbba378595f 120740 libs optional
libswscale2_0.7.1-7_amd64.deb
2bfc85c05e7e1380a57d1193a3a3fda7 135274 libdevel optional
libavutil-dev_0.7.1-7_amd64.deb
bc9a713ac2528b5a8672c30753689576 3146276 libdevel optional
libavcodec-dev_0.7.1-7_amd64.deb
386c7d986dc505fa55b9c5d2f20b2452 62506 libdevel optional
libavdevice-dev_0.7.1-7_amd64.deb
2fca83cd311ff85a67f09c6490ca34fc 652040 libdevel optional
libavformat-dev_0.7.1-7_amd64.deb
b61f293d4f8e145d88a73eafa15276da 118864 libdevel optional
libavfilter-dev_0.7.1-7_amd64.deb
ca0175fdeaa984b85043593bc65af985 100016 libdevel optional
libpostproc-dev_0.7.1-7_amd64.deb
ef2a26d7f1e680250e6100a102ed2ef2 137234 libdevel optional
libswscale-dev_0.7.1-7_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.14 (GNU/Linux)
Comment: Debian Powered!
iEYEARECAAYFAk6A5/sACgkQmAg1RJRTSKS5/gCfcZPmp0GewJl73LX84q41zxud
H28AnRpwfvaAabLKzLCrN+LQlZqp0qjx
=Ze71
-----END PGP SIGNATURE-----
--- End Message ---
_______________________________________________
pkg-multimedia-maintainers mailing list
pkg-multimedia-maintainers@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers
