ffmpeg-debian: Several security issues

Related Vulnerabilities: CVE-2008-4869   CVE-2008-4868   CVE-2008-4867   CVE-2008-4866  

Debian Bug report logs - #504977
Package: ffmpeg-debian; Maintainer for ffmpeg-debian is (unknown);

Reported by: Steffen Joeris <steffen.joeris@skolelinux.de>

Date: Sat, 8 Nov 2008 08:54:06 UTC

Severity: grave

Tags: fixed-upstream, patch, security, upstream

Found in version 0.svn20080206-14

Fixed in version ffmpeg-debian/0.svn20080206-15

Done: Reinhard Tartler <siretart@tauware.de>

Bug is archived. No further changes may be made.


Report forwarded to debian-bugs-dist@lists.debian.org, Debian Security Team <team@security.debian.org>, Debian Testing Security Team <secure-testing-team@lists.alioth.debian.org>, Debian multimedia packages maintainers <pkg-multimedia-maintainers@lists.alioth.debian.org>:
Bug#504977; Package ffmpeg-debian. (Sat, 08 Nov 2008 08:54:09 GMT) (full text, mbox, link).


Acknowledgement sent to Steffen Joeris <steffen.joeris@skolelinux.de>:
New Bug report received and forwarded. Copy sent to Debian Security Team <team@security.debian.org>, Debian Testing Security Team <secure-testing-team@lists.alioth.debian.org>, Debian multimedia packages maintainers <pkg-multimedia-maintainers@lists.alioth.debian.org>. (Sat, 08 Nov 2008 08:54:11 GMT) (full text, mbox, link).


Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Steffen Joeris <steffen.joeris@skolelinux.de>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: ffmpeg-debian: Several security issues
Date: Sat, 08 Nov 2008 19:50:20 +1100
Package: ffmpeg-debian
Version: 0.svn20080206-14
Severity: grave
Tags: security, patch
Justification: user security hole

Hi,
the following CVE (Common Vulnerabilities & Exposures) ids were
published for ffmpeg.

CVE-2008-4869[0]:
| FFmpeg 0.4.9, as used by MPlayer, allows context-dependent attackers
| to cause a denial of service (memory consumption) via unknown vectors,
| aka a "Tcp/udp memory leak."

CVE-2008-4868[1]:
| Unspecified vulnerability in the avcodec_close function in
| libavcodec/utils.c in FFmpeg 0.4.9 before r14787, as used by MPlayer,
| has unknown impact and attack vectors, related to a free "on random
| pointers."

CVE-2008-4867[2]:
| Buffer overflow in libavcodec/dca.c in FFmpeg 0.4.9 before r14917, as
| used by MPlayer, allows context-dependent attackers to have an unknown
| impact via vectors related to an incorrect DCA_MAX_FRAME_SIZE value.

CVE-2008-4866[3]:
| Multiple buffer overflows in libavformat/utils.c in FFmpeg 0.4.9
| before r14715, as used by MPlayer, allow context-dependent attackers
| to have an unknown impact via vectors related to execution of DTS
| generation code with a delay greater than MAX_REORDER_DELAY.

The last three issues are fixed in experimental. I lack information about
the first one, so I am not sure. Do you have any further information? 
Also etch shouldn't be affected by the last three issues. We should 
address them in lenny though. The upstream patches are here[4][5][6][7].
It would be great, if you could upload to unstable with high urgency 
and ask the release team for an unblock.

If you fix the vulnerabilities please also make sure to include the
CVE ids in your changelog entry.

Cheers
Steffen

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4869
    http://security-tracker.debian.net/tracker/CVE-2008-4869
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4868
    http://security-tracker.debian.net/tracker/CVE-2008-4868
[2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4867
    http://security-tracker.debian.net/tracker/CVE-2008-4867
[3] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4866
    http://security-tracker.debian.net/tracker/CVE-2008-4866
[4] http://lists.mplayerhq.hu/pipermail/ffmpeg-cvslog/2008-August/016011.html
[5] http://lists.mplayerhq.hu/pipermail/ffmpeg-cvslog/2008-August/016012.html
[6] http://lists.mplayerhq.hu/pipermail/ffmpeg-cvslog/2008-August/016352.html
[7] http://lists.mplayerhq.hu/pipermail/ffmpeg-cvslog/2008-August/016136.html




Information forwarded to debian-bugs-dist@lists.debian.org, Debian multimedia packages maintainers <pkg-multimedia-maintainers@lists.alioth.debian.org>:
Bug#504977; Package ffmpeg-debian. (Sat, 08 Nov 2008 09:06:05 GMT) (full text, mbox, link).


Acknowledgement sent to Steffen Joeris <steffen.joeris@skolelinux.de>:
Extra info received and forwarded to list. Copy sent to Debian multimedia packages maintainers <pkg-multimedia-maintainers@lists.alioth.debian.org>. (Sat, 08 Nov 2008 09:06:06 GMT) (full text, mbox, link).


Message #10 received at 504977@bugs.debian.org (full text, mbox, reply):

From: Steffen Joeris <steffen.joeris@skolelinux.de>
To: 504977@bugs.debian.org
Subject: Re: Bug#504977: ffmpeg-debian: Several security issues
Date: Sat, 8 Nov 2008 20:04:20 +1100
Hi

> CVE-2008-4868[1]:
> | Unspecified vulnerability in the avcodec_close function in
> | libavcodec/utils.c in FFmpeg 0.4.9 before r14787, as used by MPlayer,
> | has unknown impact and attack vectors, related to a free "on random
> | pointers."
Forget about this one, it seems to be fixed in our versions.


> [7]
> http://lists.mplayerhq.hu/pipermail/ffmpeg-cvslog/2008-August/016136.html
This is the corresponding commit.

Cheers
Steffen

Information forwarded to debian-bugs-dist@lists.debian.org, Debian multimedia packages maintainers <pkg-multimedia-maintainers@lists.alioth.debian.org>:
Bug#504977; Package ffmpeg-debian. (Mon, 10 Nov 2008 16:18:02 GMT) (full text, mbox, link).


Acknowledgement sent to Reinhard Tartler <siretart@tauware.de>:
Extra info received and forwarded to list. Copy sent to Debian multimedia packages maintainers <pkg-multimedia-maintainers@lists.alioth.debian.org>. (Mon, 10 Nov 2008 16:18:02 GMT) (full text, mbox, link).


Message #15 received at 504977@bugs.debian.org (full text, mbox, reply):

From: Reinhard Tartler <siretart@tauware.de>
To: Steffen Joeris <steffen.joeris@skolelinux.de>
Cc: 504977@bugs.debian.org
Subject: Re: Bug#504977: ffmpeg-debian: Several security issues
Date: Mon, 10 Nov 2008 17:17:52 +0100
Thank you for your work on security issues.

Please avoid munging that many separate issues into the same bug.

Steffen Joeris <steffen.joeris@skolelinux.de> writes:

> Package: ffmpeg-debian
> Version: 0.svn20080206-14
> Severity: grave
> Tags: security, patch
> Justification: user security hole
>
> Hi,
> the following CVE (Common Vulnerabilities & Exposures) ids were
> published for ffmpeg.
>
> CVE-2008-4869[0]:
> | FFmpeg 0.4.9, as used by MPlayer, allows context-dependent attackers
> | to cause a denial of service (memory consumption) via unknown vectors,
> | aka a "Tcp/udp memory leak."

you asked me later to ignore this. ok.

> CVE-2008-4868[1]:
> | Unspecified vulnerability in the avcodec_close function in
> | libavcodec/utils.c in FFmpeg 0.4.9 before r14787, as used by MPlayer,
> | has unknown impact and attack vectors, related to a free "on random
> | pointers."

Here is the relevant patch:

===================================================================
--- libavcodec/utils.c  (Revision 14786)
+++ libavcodec/utils.c  (Revision 14787)
@@ -994,7 +994,6 @@
         avctx->codec->close(avctx);
     avcodec_default_free_buffers(avctx);
     av_freep(&avctx->priv_data);
-    av_freep(&avctx->rc_eq);
     avctx->codec = NULL;
     entangled_thread_counter--;
     return 0;
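
Review bot: Dropping `av_freep(&avctx->rc_eq);` from this close path leaves no release of `rc_eq` anywhere in the visible hunk, so the change needs to state who owns that pointer afterwards. If the caller supplies it, say so in a comment next to the remaining `av_freep(&avctx->priv_data);`. If the library allocates it, it has to be freed on some other path, otherwise this trades the invalid free for a leak.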

Are you really sure that this should be applied to the package? It
looks, well, uhm, interesting to me?


> CVE-2008-4867[2]:
> | Buffer overflow in libavcodec/dca.c in FFmpeg 0.4.9 before r14917, as
> | used by MPlayer, allows context-dependent attackers to have an unknown
> | impact via vectors related to an incorrect DCA_MAX_FRAME_SIZE value.

That is already reported as #496612, unfixed in lenny. Please read that
bug backlog and attach a patch there.

> CVE-2008-4866[3]:
> | Multiple buffer overflows in libavformat/utils.c in FFmpeg 0.4.9
> | before r14715, as used by MPlayer, allow context-dependent attackers
> | to have an unknown impact via vectors related to execution of DTS
> | generation code with a delay greater than MAX_REORDER_DELAY.

committed in the pkg-multimedia svn branch. still untested, and the
patch did not apply cleanly. another set of eyes if that still makes
sense very appreciated.


-- 
Gruesse/greetings,
Reinhard Tartler, KeyID 945348A4




Information forwarded to debian-bugs-dist@lists.debian.org, Debian multimedia packages maintainers <pkg-multimedia-maintainers@lists.alioth.debian.org>:
Bug#504977; Package ffmpeg-debian. (Wed, 12 Nov 2008 08:27:04 GMT) (full text, mbox, link).


Acknowledgement sent to Reinhard Tartler <siretart@tauware.de>:
Extra info received and forwarded to list. Copy sent to Debian multimedia packages maintainers <pkg-multimedia-maintainers@lists.alioth.debian.org>. (Wed, 12 Nov 2008 08:27:05 GMT) (full text, mbox, link).


Message #20 received at 504977@bugs.debian.org (full text, mbox, reply):

From: Reinhard Tartler <siretart@tauware.de>
To: Steffen Joeris <steffen.joeris@skolelinux.de>
Cc: 504977@bugs.debian.org
Subject: Re: Bug#504977: ffmpeg-debian: Several security issues
Date: Wed, 12 Nov 2008 09:23:18 +0100
Reinhard Tartler <siretart@tauware.de> writes:

>> CVE-2008-4869[0]:
>> | FFmpeg 0.4.9, as used by MPlayer, allows context-dependent attackers
>> | to cause a denial of service (memory consumption) via unknown vectors,
>> | aka a "Tcp/udp memory leak."
>
> you asked me later to ignore this. ok.

I'm sorry but I misread you. Investigating the issue further, it seems
to me that this issue is exactly the same as CVE-2008-4866. At least the
references seem to point to the same svn commits.

I take that CVE-2008-4866 and CVE-2008-4869 are actually dupes.

Summary: the only issue this bug is about is actually CVE-2008-4869,
where I have committed a patch, but would really need some help with
verifying the patch.

As for CVE-2008-4867, see bug #496612. Please raise the severity if you
think that should be fixed in lenny, but please note that I could really
need help with that bug as well.

-- 
Gruesse/greetings,
Reinhard Tartler, KeyID 945348A4




Information forwarded to debian-bugs-dist@lists.debian.org, Debian multimedia packages maintainers <pkg-multimedia-maintainers@lists.alioth.debian.org>:
Bug#504977; Package ffmpeg-debian. (Sat, 15 Nov 2008 00:48:02 GMT) (full text, mbox, link).


Acknowledgement sent to Moritz Muehlenhoff <jmm@inutil.org>:
Extra info received and forwarded to list. Copy sent to Debian multimedia packages maintainers <pkg-multimedia-maintainers@lists.alioth.debian.org>. (Sat, 15 Nov 2008 00:48:03 GMT) (full text, mbox, link).


Message #25 received at 504977@bugs.debian.org (full text, mbox, reply):

From: Moritz Muehlenhoff <jmm@inutil.org>
To: Reinhard Tartler <siretart@tauware.de>
Cc: Steffen Joeris <steffen.joeris@skolelinux.de>, 504977@bugs.debian.org
Subject: Re: Bug#504977: ffmpeg-debian: Several security issues
Date: Sat, 15 Nov 2008 01:43:17 +0100
Reinhard Tartler wrote:
> 
> >> CVE-2008-4869[0]:
> >> | FFmpeg 0.4.9, as used by MPlayer, allows context-dependent attackers
> >> | to cause a denial of service (memory consumption) via unknown vectors,
> >> | aka a "Tcp/udp memory leak."
> >
> > you asked me later to ignore this. ok.
> 
> I'm sorry but I misread you. Investigating the issue further, it seems
> to me that this issue is exactly the same as CVE-2008-4866. At least the
> references seem to point to the same svn commits.

The only references in here are the rather dubious Pardus advisory and a
request for more information from Mandriva, it misses a concrete reference
to the actual "Tcp/udp memory leak." Anyway, this isn't something we would
fix in a DSA and since we're very close to release we can skip this for
Lenny.

> I take that CVE-2008-4866 and CVE-2008-4869 are actually dupes.
> 
> Summary: the only issue this bug is about is actually CVE-2008-4869,
> where I have committed a patch, but would really need some help with
> verifying the patch.

050_CVE-2008-4866.patch seems correct (although I assume this is rather a mere
crasher). I don't know about 050_CVE-2008-4866-2.patch, that's a H264 interna
I don't know anything about.

> As for CVE-2008-4867, see bug #496612. Please raise the severity if you
> think that should be fixed in lenny, but please note that I could really
> need help with that bug as well.

If you prepare an update, please include it, but it wouldn't warrant an
update on its own.

Cheers,
        Moritz




Information forwarded to debian-bugs-dist@lists.debian.org, Debian multimedia packages maintainers <pkg-multimedia-maintainers@lists.alioth.debian.org>:
Bug#504977; Package ffmpeg-debian. (Wed, 03 Dec 2008 10:57:06 GMT) (full text, mbox, link).


Acknowledgement sent to Mark Purcell <msp@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian multimedia packages maintainers <pkg-multimedia-maintainers@lists.alioth.debian.org>. (Wed, 03 Dec 2008 10:57:08 GMT) (full text, mbox, link).


Message #30 received at 504977@bugs.debian.org (full text, mbox, reply):

From: Mark Purcell <msp@debian.org>
To: Reinhard Tartler <siretart@tauware.de>, 504977@bugs.debian.org
Cc: Steffen Joeris <steffen.joeris@skolelinux.de>, Moritz Muehlenhoff <jmm@inutil.org>
Subject: Re: Bug#504977: ffmpeg-debian: Several security issues
Date: Wed, 3 Dec 2008 21:53:51 +1100
On Wednesday 12 November 2008 19:23:18 Reinhard Tartler wrote:
> Summary: the only issue this bug is about is actually CVE-2008-4869,
> where I have committed a patch, but would really need some help with
> verifying the patch.

Reinhard,

This RC bug has been sitting idle for the last couple of weeks are you in a 
position to upload a package to experimental/ unstable to assist with 
verification of your fix?

Mark




Information forwarded to debian-bugs-dist@lists.debian.org, Debian multimedia packages maintainers <pkg-multimedia-maintainers@lists.alioth.debian.org>:
Bug#504977; Package ffmpeg-debian. (Thu, 04 Dec 2008 21:45:02 GMT) (full text, mbox, link).


Acknowledgement sent to Reinhard Tartler <siretart@tauware.de>:
Extra info received and forwarded to list. Copy sent to Debian multimedia packages maintainers <pkg-multimedia-maintainers@lists.alioth.debian.org>. (Thu, 04 Dec 2008 21:45:02 GMT) (full text, mbox, link).


Message #35 received at 504977@bugs.debian.org (full text, mbox, reply):

From: Reinhard Tartler <siretart@tauware.de>
To: Mark Purcell <msp@debian.org>
Cc: 504977@bugs.debian.org, Steffen Joeris <steffen.joeris@skolelinux.de>, Moritz Muehlenhoff <jmm@inutil.org>, fuddl@debian.org
Subject: Re: Bug#504977: ffmpeg-debian: Several security issues
Date: Thu, 04 Dec 2008 22:41:49 +0100
Mark Purcell <msp@debian.org> writes:

> On Wednesday 12 November 2008 19:23:18 Reinhard Tartler wrote:
>> Summary: the only issue this bug is about is actually CVE-2008-4869,
>> where I have committed a patch, but would really need some help with
>> verifying the patch.
>
> Reinhard,
>
> This RC bug has been sitting idle for the last couple of weeks are you in a 
> position to upload a package to experimental/ unstable to assist with 
> verification of your fix?

Test packages are available at
http://pkg-multimedia.alioth.debian.org/ffmpeg-test/

I'll upload it as soon as someone can confirm me that these packages
actually fix the problem.


-- 
Gruesse/greetings,
Reinhard Tartler, KeyID 945348A4




Information forwarded to debian-bugs-dist@lists.debian.org, Debian multimedia packages maintainers <pkg-multimedia-maintainers@lists.alioth.debian.org>:
Bug#504977; Package ffmpeg-debian. (Sun, 04 Jan 2009 18:48:02 GMT) (full text, mbox, link).


Acknowledgement sent to Ben Hutchings <ben@decadent.org.uk>:
Extra info received and forwarded to list. Copy sent to Debian multimedia packages maintainers <pkg-multimedia-maintainers@lists.alioth.debian.org>. (Sun, 04 Jan 2009 18:48:02 GMT) (full text, mbox, link).


Message #40 received at 504977@bugs.debian.org (full text, mbox, reply):

From: Ben Hutchings <ben@decadent.org.uk>
To: Reinhard Tartler <siretart@tauware.de>
Cc: Mark Purcell <msp@debian.org>, 504977@bugs.debian.org, Steffen Joeris <steffen.joeris@skolelinux.de>, Moritz Muehlenhoff <jmm@inutil.org>, fuddl@debian.org
Subject: Re: Bug#504977: ffmpeg-debian: Several security issues
Date: Sun, 04 Jan 2009 18:45:50 +0000
On Thu, 2008-12-04 at 22:41 +0100, Reinhard Tartler wrote:
> Mark Purcell <msp@debian.org> writes:
> 
> > On Wednesday 12 November 2008 19:23:18 Reinhard Tartler wrote:
> >> Summary: the only issue this bug is about is actually CVE-2008-4869,
> >> where I have committed a patch, but would really need some help with
> >> verifying the patch.

Don't you mean -4866?

> > Reinhard,
> >
> > This RC bug has been sitting idle for the last couple of weeks are you in a 
> > position to upload a package to experimental/ unstable to assist with 
> > verification of your fix?
> 
> Test packages are available at
> http://pkg-multimedia.alioth.debian.org/ffmpeg-test/
> 
> I'll upload it as soon as someone can confirm me that these packages
> actually fix the problem.

Based on inspection of the original code and patch for -4866 in this
test package, I am confident that this will be fixed.

Please also include the fix for -4867 (#496612) as it sounds like the
bug could be used for code injection and the change looks low-risk.

-4868 apparently doesn't apply to lenny or sid; the original leak might
but it appears to be extremely limited and probably not controllable by
an attacker.

-4869 is not clearly defined so seems impossible to address.

Ben.

-- 
Ben Hutchings
[W]e found...that it wasn't as easy to get programs right as we had thought.
... I realized that a large part of my life from then on was going to be spent
in finding mistakes in my own programs. - Maurice Wilkes, 1949

Tags added: upstream, fixed-upstream, pending Request was from Ben Hutchings <ben@decadent.org.uk> to control@bugs.debian.org. (Sun, 04 Jan 2009 18:51:07 GMT) (full text, mbox, link).


Information forwarded to debian-bugs-dist@lists.debian.org, Debian multimedia packages maintainers <pkg-multimedia-maintainers@lists.alioth.debian.org>:
Bug#504977; Package ffmpeg-debian. (Fri, 09 Jan 2009 21:42:05 GMT) (full text, mbox, link).


Acknowledgement sent to Reinhard Tartler <siretart@tauware.de>:
Extra info received and forwarded to list. Copy sent to Debian multimedia packages maintainers <pkg-multimedia-maintainers@lists.alioth.debian.org>. (Fri, 09 Jan 2009 21:42:05 GMT) (full text, mbox, link).


Message #47 received at 504977@bugs.debian.org (full text, mbox, reply):

From: Reinhard Tartler <siretart@tauware.de>
To: Ben Hutchings <ben@decadent.org.uk>
Cc: Mark Purcell <msp@debian.org>, 504977@bugs.debian.org, Steffen Joeris <steffen.joeris@skolelinux.de>, Moritz Muehlenhoff <jmm@inutil.org>, fuddl@debian.org
Subject: Re: Bug#504977: ffmpeg-debian: Several security issues
Date: Fri, 09 Jan 2009 22:40:58 +0100
Ben Hutchings <ben@decadent.org.uk> writes:

>> I'll upload it as soon as someone can confirm me that these packages
>> actually fix the problem.
>
> Based on inspection of the original code and patch for -4866 in this
> test package, I am confident that this will be fixed.

hm. okay, then I'll upload that package.

> Please also include the fix for -4867 (#496612) as it sounds like the
> bug could be used for code injection and the change looks low-risk.

could you attach a patch there please first?

> -4868 apparently doesn't apply to lenny or sid; the original leak might
> but it appears to be extremely limited and probably not controllable by
> an attacker.
>
> -4869 is not clearly defined so seems impossible to address.

I see.

-- 
Gruesse/greetings,
Reinhard Tartler, KeyID 945348A4




Information forwarded to debian-bugs-dist@lists.debian.org, Debian multimedia packages maintainers <pkg-multimedia-maintainers@lists.alioth.debian.org>:
Bug#504977; Package ffmpeg-debian. (Fri, 09 Jan 2009 22:12:02 GMT) (full text, mbox, link).


Acknowledgement sent to Ben Hutchings <ben@decadent.org.uk>:
Extra info received and forwarded to list. Copy sent to Debian multimedia packages maintainers <pkg-multimedia-maintainers@lists.alioth.debian.org>. (Fri, 09 Jan 2009 22:12:02 GMT) (full text, mbox, link).


Message #52 received at 504977@bugs.debian.org (full text, mbox, reply):

From: Ben Hutchings <ben@decadent.org.uk>
To: Reinhard Tartler <siretart@tauware.de>
Cc: Mark Purcell <msp@debian.org>, 504977@bugs.debian.org, Steffen Joeris <steffen.joeris@skolelinux.de>, Moritz Muehlenhoff <jmm@inutil.org>, fuddl@debian.org
Subject: Re: Bug#504977: ffmpeg-debian: Several security issues
Date: Fri, 09 Jan 2009 22:15:20 +0000
On Fri, 2009-01-09 at 22:40 +0100, Reinhard Tartler wrote:
> Ben Hutchings <ben@decadent.org.uk> writes:
> 
> >> I'll upload it as soon as someone can confirm me that these packages
> >> actually fix the problem.
> >
> > Based on inspection of the original code and patch for -4866 in this
> > test package, I am confident that this will be fixed.
> 
> hm. okay, then I'll upload that package.
> 
> > Please also include the fix for -4867 (#496612) as it sounds like the
> > bug could be used for code injection and the change looks low-risk.
> 
> could you attach a patch there please first?

Never mind, the problem code is not included in the current xine-lib
package.

Ben.


Information forwarded to debian-bugs-dist@lists.debian.org, Debian multimedia packages maintainers <pkg-multimedia-maintainers@lists.alioth.debian.org>:
Bug#504977; Package ffmpeg-debian. (Sat, 10 Jan 2009 04:24:02 GMT) (full text, mbox, link).


Acknowledgement sent to Ben Hutchings <ben@decadent.org.uk>:
Extra info received and forwarded to list. Copy sent to Debian multimedia packages maintainers <pkg-multimedia-maintainers@lists.alioth.debian.org>. (Sat, 10 Jan 2009 04:24:02 GMT) (full text, mbox, link).


Message #57 received at 504977@bugs.debian.org (full text, mbox, reply):

From: Ben Hutchings <ben@decadent.org.uk>
To: Reinhard Tartler <siretart@tauware.de>
Cc: Mark Purcell <msp@debian.org>, 504977@bugs.debian.org, Steffen Joeris <steffen.joeris@skolelinux.de>, Moritz Muehlenhoff <jmm@inutil.org>, fuddl@debian.org
Subject: Re: Bug#504977: ffmpeg-debian: Several security issues
Date: Sat, 10 Jan 2009 04:26:04 +0000
On Fri, 2009-01-09 at 22:16 +0000, Ben Hutchings wrote:
> On Fri, 2009-01-09 at 22:40 +0100, Reinhard Tartler wrote:
> > Ben Hutchings <ben@decadent.org.uk> writes:
> > 
> > >> I'll upload it as soon as someone can confirm me that these packages
> > >> actually fix the problem.
> > >
> > > Based on inspection of the original code and patch for -4866 in this
> > > test package, I am confident that this will be fixed.
> > 
> > hm. okay, then I'll upload that package.
> > 
> > > Please also include the fix for -4867 (#496612) as it sounds like the
> > > bug could be used for code injection and the change looks low-risk.
> > 
> > could you attach a patch there please first?
> 
> Never mind, the problem code is not included in the current xine-lib
> package.

Gah, I'm getting confused between ffmpeg and xine bugs.

The problem code *is* in ffmpeg and the upstream fix should be
applicable:

--- trunk/libavcodec/dca.c	(original)
+++ trunk/libavcodec/dca.c	Sat Aug 23 15:29:13 2008
@@ -69,7 +69,7 @@ enum DCAMode {
 #define HEADER_SIZE 14
 #define CONVERT_BIAS 384
 
-#define DCA_MAX_FRAME_SIZE 16383
+#define DCA_MAX_FRAME_SIZE 16384
 
 /** Bit allocation */
 typedef struct {
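
Review bot: The new `DCA_MAX_FRAME_SIZE 16384` is a bare number with no comment saying which limit it encodes, and a change of one to a size constant is only safe if every buffer declaration and every length check uses this macro rather than a literal. Add a comment on the define giving the source of the limit, and confirm in the rest of dca.c (not shown in this hunk) that nothing is still sized with 16383 and that the frame-size check rejects anything larger than the macro before data is copied.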
--- END ---

Ben.


Reply sent to Reinhard Tartler <siretart@tauware.de>:
You have taken responsibility. (Sat, 10 Jan 2009 15:39:05 GMT) (full text, mbox, link).


Notification sent to Steffen Joeris <steffen.joeris@skolelinux.de>:
Bug acknowledged by developer. (Sat, 10 Jan 2009 15:39:05 GMT) (full text, mbox, link).


Message #62 received at 504977-close@bugs.debian.org (full text, mbox, reply):

From: Reinhard Tartler <siretart@tauware.de>
To: 504977-close@bugs.debian.org
Subject: Bug#504977: fixed in ffmpeg-debian 0.svn20080206-15
Date: Sat, 10 Jan 2009 15:17:11 +0000
Source: ffmpeg-debian
Source-Version: 0.svn20080206-15

We believe that the bug you reported is fixed in the latest version of
ffmpeg-debian, which is due to be installed in the Debian FTP archive:

ffmpeg-dbg_0.svn20080206-15_i386.deb
  to pool/main/f/ffmpeg-debian/ffmpeg-dbg_0.svn20080206-15_i386.deb
ffmpeg-debian_0.svn20080206-15.diff.gz
  to pool/main/f/ffmpeg-debian/ffmpeg-debian_0.svn20080206-15.diff.gz
ffmpeg-debian_0.svn20080206-15.dsc
  to pool/main/f/ffmpeg-debian/ffmpeg-debian_0.svn20080206-15.dsc
ffmpeg-doc_0.svn20080206-15_all.deb
  to pool/main/f/ffmpeg-debian/ffmpeg-doc_0.svn20080206-15_all.deb
ffmpeg_0.svn20080206-15_i386.deb
  to pool/main/f/ffmpeg-debian/ffmpeg_0.svn20080206-15_i386.deb
libavcodec-dev_0.svn20080206-15_i386.deb
  to pool/main/f/ffmpeg-debian/libavcodec-dev_0.svn20080206-15_i386.deb
libavcodec51_0.svn20080206-15_i386.deb
  to pool/main/f/ffmpeg-debian/libavcodec51_0.svn20080206-15_i386.deb
libavdevice-dev_0.svn20080206-15_i386.deb
  to pool/main/f/ffmpeg-debian/libavdevice-dev_0.svn20080206-15_i386.deb
libavdevice52_0.svn20080206-15_i386.deb
  to pool/main/f/ffmpeg-debian/libavdevice52_0.svn20080206-15_i386.deb
libavformat-dev_0.svn20080206-15_i386.deb
  to pool/main/f/ffmpeg-debian/libavformat-dev_0.svn20080206-15_i386.deb
libavformat52_0.svn20080206-15_i386.deb
  to pool/main/f/ffmpeg-debian/libavformat52_0.svn20080206-15_i386.deb
libavutil-dev_0.svn20080206-15_i386.deb
  to pool/main/f/ffmpeg-debian/libavutil-dev_0.svn20080206-15_i386.deb
libavutil49_0.svn20080206-15_i386.deb
  to pool/main/f/ffmpeg-debian/libavutil49_0.svn20080206-15_i386.deb
libpostproc-dev_0.svn20080206-15_i386.deb
  to pool/main/f/ffmpeg-debian/libpostproc-dev_0.svn20080206-15_i386.deb
libpostproc51_0.svn20080206-15_i386.deb
  to pool/main/f/ffmpeg-debian/libpostproc51_0.svn20080206-15_i386.deb
libswscale-dev_0.svn20080206-15_i386.deb
  to pool/main/f/ffmpeg-debian/libswscale-dev_0.svn20080206-15_i386.deb
libswscale0_0.svn20080206-15_i386.deb
  to pool/main/f/ffmpeg-debian/libswscale0_0.svn20080206-15_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 504977@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Reinhard Tartler <siretart@tauware.de> (supplier of updated ffmpeg-debian package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Mon, 10 Nov 2008 17:13:25 +0100
Source: ffmpeg-debian
Binary: ffmpeg ffmpeg-dbg ffmpeg-doc libavutil49 libavcodec51 libavdevice52 libpostproc51 libavformat52 libswscale0 libavutil-dev libavcodec-dev libavdevice-dev libpostproc-dev libavformat-dev libswscale-dev
Architecture: source i386 all
Version: 0.svn20080206-15
Distribution: unstable
Urgency: low
Maintainer: Debian multimedia packages maintainers <pkg-multimedia-maintainers@lists.alioth.debian.org>
Changed-By: Reinhard Tartler <siretart@tauware.de>
Description: 
 ffmpeg     - multimedia player, server and encoder
 ffmpeg-dbg - Debug symbols for ffmpeg related packages
 ffmpeg-doc - documentation of the ffmpeg API
 libavcodec-dev - development files for libavcodec
 libavcodec51 - ffmpeg codec library
 libavdevice-dev - development files for libavdevice
 libavdevice52 - ffmpeg device handling library
 libavformat-dev - development files for libavformat
 libavformat52 - ffmpeg file format library
 libavutil-dev - development files for libavutil
 libavutil49 - ffmpeg utility library
 libpostproc-dev - development files for libpostproc
 libpostproc51 - ffmpeg video postprocessing library
 libswscale-dev - development files for libswscale
 libswscale0 - ffmpeg video scaling library
Closes: 496612 504977
Changes: 
 ffmpeg-debian (0.svn20080206-15) unstable; urgency=low
 .
   * Security fix: Multiple buffer overflows in libavformat/utils.c.
     CVE-2008-4866, Closes: #504977.
 .
   * Fetch fixes for the DCA Decoder from upstream. Closes: #496612.  These
     changes fix a crash on a crafted dca file, which are believed to be
     exploitable in some way. Alongside with that, some correction fixed
     from upstream have been included.
 .
     Thanks to Alexander E. Patrakov for reporting these, and to
     Ben Hutchings for reminding me to actually apply them.






Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 15 Feb 2009 07:31:31 GMT) (full text, mbox, link).
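
The report asked that the CVE ids be included in the changelog entry. The following added example (not part of the bug log or of any Debian tooling) checks the uploaded "Changes:" text against the CVE-to-bug mapping stated in the messages above; the function names and the `TRACKED` table are assumptions made for the illustration, and the closing pattern is the one documented in Debian Policy.

```python
import re

# Bug-closing pattern as documented in Debian Policy (case-insensitive).
CLOSES_RE = re.compile(
    r"closes:\s*(?:bug)?\#?\s?\d+(?:,\s*(?:bug)?\#?\s?\d+)*", re.I)
BUG_RE = re.compile(r"\d+")
CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}")

# "Changes:" field of the 0.svn20080206-15 upload, copied from the log above.
CHANGES = """\
ffmpeg-debian (0.svn20080206-15) unstable; urgency=low
.
  * Security fix: Multiple buffer overflows in libavformat/utils.c.
    CVE-2008-4866, Closes: #504977.
.
  * Fetch fixes for the DCA Decoder from upstream. Closes: #496612.  These
    changes fix a crash on a crafted dca file, which are believed to be
    exploitable in some way. Alongside with that, some correction fixed
    from upstream have been included.
.
    Thanks to Alexander E. Patrakov for reporting these, and to
    Ben Hutchings for reminding me to actually apply them.
"""

# Mapping taken from the thread: which bug tracks which CVE for this upload.
# CVE-2008-4868 and CVE-2008-4869 are left out because the thread concluded
# they do not apply or cannot be addressed.
TRACKED = {
    "CVE-2008-4866": 504977,
    "CVE-2008-4867": 496612,
}


def parse_items(changes):
    """Split a changelog entry into '*' items; extract CVE ids and closed bugs."""
    items, current = [], None
    for line in changes.splitlines():
        text = line.strip()
        if text.startswith("* "):
            current = [text[2:]]
            items.append(current)
        elif current is not None and text not in ("", "."):
            current.append(text)  # continuation line of the current item
    parsed = []
    for parts in items:
        body = " ".join(parts)
        bugs = set()
        for match in CLOSES_RE.finditer(body):
            bugs.update(int(n) for n in BUG_RE.findall(match.group(0)))
        parsed.append({"text": body,
                       "cves": set(CVE_RE.findall(body)),
                       "bugs": bugs})
    return parsed


def audit(changes, tracked):
    """Classify each tracked CVE by how the changelog entry refers to it.

    'named'    - the CVE id itself appears in the entry
    'bug-only' - only the tracking bug is closed; the CVE id is absent
    'missing'  - neither the CVE id nor its bug appears
    """
    items = parse_items(changes)
    named = set().union(*(i["cves"] for i in items))
    closed = set().union(*(i["bugs"] for i in items))
    report = {}
    for cve, bug in sorted(tracked.items()):
        if cve in named:
            report[cve] = "named"
        elif bug in closed:
            report[cve] = "bug-only"
        else:
            report[cve] = "missing"
    return report


if __name__ == "__main__":
    for cve, status in audit(CHANGES, TRACKED).items():
        print(f"{cve}: {status}")
```

A "bug-only" result means a search of the changelog for the CVE id will not find the fix, even though the upload closes the bug that tracks it.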



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 13:19:58 2019; Machine Name: buxtehude
