Package: libavcodec56
Version: 6:11.3-2
Severity: grave
Tags: security
Justification: user security hole

Hi,

as far as I can see this has not yet been reported or fixed:

CVE-2014-7937: Multiple off-by-one errors in libavcodec/vorbisdec.c in
FFmpeg before 2.4.2, as used in Google Chrome before 40.0.2214.91, allow
remote attackers to cause a denial of service (use-after-free) or possibly
have unspecified other impact via crafted Vorbis I data [1]

I marked this as grave as the impact is unclear and might include
arbitrary code execution. Feel free to downgrade if this can be ruled out.

(Actually I would like to have a look at the test case to check a bit more
thoroughly, but AFAICS I would need to talk to Google for this.)

[1] https://security-tracker.debian.org/tracker/CVE-2014-7937
    https://lists.libav.org/pipermail/libav-devel/2015-January/066433.html

cu
AW

-- System Information:
Debian Release: stretch/sid
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16.7-ckt9 (SMP w/2 CPU cores; PREEMPT)
Locale: LANG=C, LC_CTYPE=de_DE (charmap=ISO-8859-1)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

Versions of packages libavcodec56 depends on:
ii  libavresample2         6:11.3-2
ii  libavutil54            6:11.3-2
ii  libc6                  2.19-18
ii  libgsm1                1.0.13-4
ii  libmp3lame0            3.99.5+repack1-7
ii  libopenjpeg5           1:1.5.2-3
ii  libopus0               1.1-2
ii  libschroedinger-1.0-0  1.0.11-2.1
ii  libspeex1              1.2~rc1.2-1
ii  libtheora0             1.1.1+dfsg.1-6
ii  libva1                 1.5.1-2
ii  libvorbis0a            1.3.4-2
ii  libvorbisenc2          1.3.4-2
ii  libvpx1                1.3.0-3
ii  libx264-142            2:0.142.2431+gita5831aa-1+b2
ii  libx265-43             1.5-1
ii  libxvidcore4           2:1.3.3-1
ii  multiarch-support      2.19-18
ii  zlib1g                 1:1.2.8.dfsg-2+b1

libavcodec56 recommends no packages.

libavcodec56 suggests no packages.

-- no debconf information