Bug#872517: marked as done (ffmpeg: CVE-2017-7206: heap-based buffer over-read in embed libav)

Mon, 21 Aug 2017 11:09:33 -0700 

Your message dated Mon, 21 Aug 2017 13:46:12 -0400
with message-id <1548265.oDF1pk7ALe@box>
and subject line ffmpeg: CVE-2017-7206: heap-based buffer over-read in embed 
libav
has caused the Debian Bug report #872517,
regarding ffmpeg: CVE-2017-7206: heap-based buffer over-read in embed libav
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
872517: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=872517
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message --- 
Package: ffmpeg
X-Debbugs-CC: t...@security.debian.org secure-testing-
t...@lists.alioth.debian.org
Severity: grave
Tags: security

Hi,

the following vulnerability was published for libav (which is embed in 
ffmpeg).

CVE-2017-7206[0]:
| The ff_h2645_extract_rbsp function in libavcodec in libav 9.21 allows
| remote attackers to cause a denial of service (heap-based buffer
| over-read) or obtain sensitive information from process memory via a
| crafted h264 video file.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-7206
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7206

Please adjust the affected versions in the BTS as needed.

--- End Message ---
--- Begin Message --- 
The libav fork in ffmpeg include serveral fixes that, most probably, made 
ffmpeg not affected by this issue.

--- End Message ---
_______________________________________________
pkg-multimedia-maintainers mailing list
pkg-multimedia-maintainers@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers

Reply via email to