Your message dated Tue, 08 Oct 2013 00:18:39 +0000
with message-id <e1vtl0z-0008wo...@franck.debian.org>
and subject line Bug#717009: fixed in libav 6:9.9-1
has caused the Debian Bug report #717009,
regarding libavcodec53: CVEs CVE-2013-0844 to CVE-2013-0874, CVE-2013-3670,
CVE-2013-3672, CVE-2013-3674
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
717009: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=717009
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: libavcodec53
Version: 6:0.8.7-1
Severity: grave
Tags: security
Justification: user security hole
Dear Maintainer,
I have here another series of CVEs for libav. Some of these are fixed, some
of these I was not able to check. Those without comment were checked by me
and seem valid - at least to me.
CVE-2013-0845
CVE-2013-0846
CVE-2013-0847 - vim '+/while (avio_tell(s->pb) < end' libavformat/id3v2.c
  The above command brings you to the suspected problem position in libav; the problem looks solved to me.
  This one is actually for libavformat, but I include it here for simplicity.
CVE-2013-0848 - I was not able to find the problem in libav
CVE-2013-0849 - fixed in experimental
CVE-2013-0850 - seems fixed in experimental
CVE-2013-0851
CVE-2013-0852
CVE-2013-0853
CVE-2013-0854 - fixed in experimental
CVE-2013-0855 - looks invalid as the problem is checked in alac_set_info
CVE-2013-0856
CVE-2013-0857
CVE-2013-0858 - I was not able to find the problem in libav
CVE-2013-0860 - I was not able to find the problem in libav
CVE-2013-0861
CVE-2013-0865 - fixed in experimental
CVE-2013-0866 - looks fixed. am I correct?
CVE-2013-0867 - I was not able to find the problem in libav
CVE-2013-0868
CVE-2013-0869 - looks fixed. am I correct?
CVE-2013-0870 - seems to be invalid - relevant code fragment is not present in libav
CVE-2013-0873 - looks fixed. am I correct?
CVE-2013-0874 - seems to be invalid - relevant code fragment is not present in libav
CVE-2013-3670 looks valid - libav commits given in security tracker fix different things AFAICS
CVE-2013-3672
CVE-2013-3674
I hope these cases are a bit more well-defined than those I sent in January.
cu soon, hopefully,
AW
-- System Information:
Debian Release: jessie/sid
APT prefers testing
APT policy: (500, 'testing'), (500, 'stable'), (50, 'unstable'), (40, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.9.8 (SMP w/2 CPU cores; PREEMPT)
Locale: LANG=C, LC_CTYPE=de_DE (charmap=ISO-8859-1)
Shell: /bin/sh linked to /bin/dash
Versions of packages libavcodec53 depends on:
ii libavutil51 6:0.8.7-1
ii libc6 2.17-7
ii libdirac-encoder0 1.0.2-6
ii libgsm1 1.0.13-4
ii libmp3lame0 3.99.5+repack1-3
ii libopenjpeg2 1.3+dfsg-4.6
ii libschroedinger-1.0-0 1.0.11-2
ii libspeex1 1.2~rc1-7
ii libtheora0 1.1.1+dfsg.1-3.1
ii libva1 1.1.1-3
ii libvorbis0a 1.3.2-1.3
ii libvorbisenc2 1.3.2-1.3
ii libvpx1 1.2.0-2
ii libx264-123 2:0.123.2189+git35cf912-1
ii libxvidcore4 2:1.3.2-9
ii multiarch-support 2.17-7
ii zlib1g 1:1.2.8.dfsg-1
libavcodec53 recommends no packages.
libavcodec53 suggests no packages.
-- no debconf information
--- End Message ---
--- Begin Message ---
Source: libav
Source-Version: 6:9.9-1
We believe that the bug you reported is fixed in the latest version of
libav, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 717...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Reinhard Tartler <siret...@tauware.de> (supplier of updated libav package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Mon, 07 Oct 2013 18:07:14 -0400
Source: libav
Binary: libav-tools libav-dbg libav-doc libavutil52 libavcodec54 libavdevice53
libavformat54 libavfilter3 libswscale2 libavutil-dev libavcodec-dev
libavdevice-dev libavformat-dev libavfilter-dev libswscale-dev
libavresample-dev libavresample1 libavutil-extra-52 libavcodec-extra-54
libavdevice-extra-53 libavfilter-extra-3 libavformat-extra-54
libswscale-extra-2 libavcodec-extra
Architecture: source all amd64
Version: 6:9.9-1
Distribution: experimental
Urgency: low
Maintainer: Debian Multimedia Maintainers <pkg-multimedia-maintainers@lists.alioth.debian.org>
Changed-By: Reinhard Tartler <siret...@tauware.de>
Description:
libav-dbg - Debug symbols for Libav related packages
libav-doc - Documentation of the Libav API
libav-tools - Multimedia player, server, encoder and transcoder
libavcodec-dev - Development files for libavcodec
libavcodec-extra - Libav codec library (additional codecs meta-package)
libavcodec-extra-54 - Libav codec library (additional codecs)
libavcodec54 - Libav codec library
libavdevice-dev - Development files for libavdevice
libavdevice-extra-53 - Libav device handling library (transitional package)
libavdevice53 - Libav device handling library
libavfilter-dev - Development files for libavfilter
libavfilter-extra-3 - Libav filter library (transitional package)
libavfilter3 - Libav video filtering library
libavformat-dev - Development files for libavformat
libavformat-extra-54 - Libav file format library (transitional package)
libavformat54 - Libav file format library
libavresample-dev - Development files for libavresample
libavresample1 - Libav audo resampling library
libavutil-dev - Development files for libavutil
libavutil-extra-52 - Libav utility library (transitional package)
libavutil52 - Libav utility library
libswscale-dev - Development files for libswscale
libswscale-extra-2 - Libav video software scaling library (transitional package)
libswscale2 - Libav video scaling library
Closes: 717009
Changes:
libav (6:9.9-1) experimental; urgency=low
.
* New upstream release 9.9
* Too many security related upstream changes to list here, please cf. to
upstream changelog. Closes: #717009
Checksums-Sha1:
Checksums-Sha256:
Files:
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.19 (GNU/Linux)
Comment: Debian Powered!
iEYEARECAAYFAlJTNG0ACgkQmAg1RJRTSKS62gCeMjgkAjw82vvjJnV7BzpFn7GR
Xi8AnitSItS/m/xT/eZchHR6tGiyWgb8
=LeWW
-----END PGP SIGNATURE-----
--- End Message ---
_______________________________________________
pkg-multimedia-maintainers mailing list
pkg-multimedia-maintainers@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers