CVEs: CVE-2012-2882 CVE-2012-5359 CVE-2012-5360 CVE-2012-5361

Debian Bug report logs - #694483
CVEs: CVE-2012-2882 CVE-2012-5359 CVE-2012-5360 CVE-2012-5361

Toggle useless messages

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Arne Wichmann <aw@linux.de>

To: Debian Bug Tracking System <submit@bugs.debian.org>

Subject: CVEs: CVE-2012-2882 CVE-2012-5359 CVE-2012-5360 CVE-2012-5361

Date: Mon, 26 Nov 2012 20:30:46 +0100

Source: libav
Version: 0.8.4
Severity: grave
Tags: security
Justification: user security hole

Dear Maintainer,

I have here another series of CVEs for ffmpeg/libav:

CVE-2012-2882
CVE-2012-5359
CVE-2012-5360
CVE-2012-5361

For the last 3 http://technet.microsoft.com/en-us/security/msvr/msvr12-017
claims that they are fixed in ffmpeg 0.11, but the available information on
all of them is a bit thin.

Thanks for all the good work!

AW

-- System Information:
Debian Release: wheezy/sid
  APT prefers testing
  APT policy: (500, 'testing'), (500, 'stable'), (50, 'unstable'), (40, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.2.29 (SMP w/2 CPU cores; PREEMPT)
Locale: LANG=C, LC_CTYPE=de_DE (charmap=ISO-8859-1)
Shell: /bin/sh linked to /bin/dash

Message #10 received at 694483@bugs.debian.org (full text, mbox, reply):

From: Reinhard Tartler <siretart@gmail.com>

To: Arne Wichmann <aw@linux.de>, 694483@bugs.debian.org

Cc: libav-security@libav.org

Subject: Re: Bug#694483: CVEs: CVE-2012-2882 CVE-2012-5359 CVE-2012-5360 CVE-2012-5361

Date: Thu, 3 Jan 2013 18:26:59 +0100

tags 694483 moreinfo
stop

Hi Arne,

Thanks for caring about security in libav. Sorry for the delay. I
tried hard to gather additional information about these issues, but
was not successful.

On Mon, Nov 26, 2012 at 8:30 PM, Arne Wichmann <aw@linux.de> wrote:

> I have here another series of CVEs for ffmpeg/libav:
>
> CVE-2012-2882

Libav's ogg decoder is a bit different to the one in FFmpeg. Can you
please provide a testfile so that we can test if this issue affects
Libav at all?

> CVE-2012-5359
> CVE-2012-5360
> CVE-2012-5361
>
> For the last 3 http://technet.microsoft.com/en-us/security/msvr/msvr12-017
> claims that they are fixed in ffmpeg 0.11, but the available information on
> all of them is a bit thin.

Sorry, without proper information what's going on here, there is
nothing that we can do about this. Again, please provide a sample that
demonstrates the issue.

-- 
regards,
    Reinhard

Message #17 received at 694483@bugs.debian.org (full text, mbox, reply):

From: Arne Wichmann <aw@anhrefn.saar.de>

To: Reinhard Tartler <siretart@gmail.com>

Cc: 694483@bugs.debian.org, libav-security@libav.org

Subject: Re: Bug#694483: CVEs: CVE-2012-2882 CVE-2012-5359 CVE-2012-5360 CVE-2012-5361

Date: Fri, 4 Jan 2013 14:07:03 +0100

[Message part 1 (text/plain, inline)]

begin  quotation  from Reinhard Tartler (in <CAJ0ccebL3xSmM+swoK3ocFxSOrE9nQ-yyy7r8_4zyazJT5mX1g@mail.gmail.com>):
> Thanks for caring about security in libav. Sorry for the delay. I
> tried hard to gather additional information about these issues, but
> was not successful.

Yeah, the information politics of the reporters could be more open.

> On Mon, Nov 26, 2012 at 8:30 PM, Arne Wichmann <aw@linux.de> wrote:
> 
> > I have here another series of CVEs for ffmpeg/libav:
> >
> > CVE-2012-2882
> 
> Libav's ogg decoder is a bit different to the one in FFmpeg. Can you
> please provide a testfile so that we can test if this issue affects
> Libav at all?

I dug around for a bit and found commit
9e1c55cfdec1e1e46fa39b92ea5c425ba9499c68 for ffmpeg, which seems to address
the issue. More effort will follow when I find the reserves for that.

> > CVE-2012-5359
> > CVE-2012-5360
> > CVE-2012-5361
> >
> > For the last 3 http://technet.microsoft.com/en-us/security/msvr/msvr12-017
> > claims that they are fixed in ffmpeg 0.11, but the available information on
> > all of them is a bit thin.
> 
> Sorry, without proper information what's going on here, there is
> nothing that we can do about this. Again, please provide a sample that
> demonstrates the issue.

*nod*

Same here.

cu

AW
-- 
[...] If you don't want to be restricted, don't agree to it. If you are
coerced, comply as much as you must to protect yourself, just don't support
it. Noone can free you but yourself. (crag, on Debian Planet)
Arne Wichmann (aw@linux.de)

[signature.asc (application/pgp-signature, inline)]

Message #22 received at 694483@bugs.debian.org (full text, mbox, reply):

From: Reinhard Tartler <siretart@gmail.com>

To: Arne Wichmann <aw@anhrefn.saar.de>

Cc: 694483@bugs.debian.org, libav-security@libav.org

Subject: Re: Bug#694483: CVEs: CVE-2012-2882 CVE-2012-5359 CVE-2012-5360 CVE-2012-5361

Date: Fri, 4 Jan 2013 14:59:39 +0100

On Fri, Jan 4, 2013 at 2:07 PM, Arne Wichmann <aw@anhrefn.saar.de> wrote:
> begin  quotation  from Reinhard Tartler (in <CAJ0ccebL3xSmM+swoK3ocFxSOrE9nQ-yyy7r8_4zyazJT5mX1g@mail.gmail.com>):
>> Thanks for caring about security in libav. Sorry for the delay. I
>> tried hard to gather additional information about these issues, but
>> was not successful.
>
> Yeah, the information politics of the reporters could be more open.
>
>> On Mon, Nov 26, 2012 at 8:30 PM, Arne Wichmann <aw@linux.de> wrote:
>>
>> > I have here another series of CVEs for ffmpeg/libav:
>> >
>> > CVE-2012-2882
>>
>> Libav's ogg decoder is a bit different to the one in FFmpeg. Can you
>> please provide a testfile so that we can test if this issue affects
>> Libav at all?
>
> I dug around for a bit and found commit
> 9e1c55cfdec1e1e46fa39b92ea5c425ba9499c68 for ffmpeg, which seems to address
> the issue. More effort will follow when I find the reserves for that.

We in libav are discussing that patch since a couple of days, but do
not think that this patch helps. Unfortunately, we do not have a
sample to for this either.

-- 
regards,
    Reinhard

Message #27 received at 694483-close@bugs.debian.org (full text, mbox, reply):

From: Reinhard Tartler <siretart@tauware.de>

To: 694483-close@bugs.debian.org

Subject: Bug#694483: fixed in libav 6:9.1-1

Date: Wed, 09 Jan 2013 06:48:03 +0000

Source: libav
Source-Version: 6:9.1-1

We believe that the bug you reported is fixed in the latest version of
libav, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 694483@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Reinhard Tartler <siretart@tauware.de> (supplier of updated libav package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Mon, 07 Jan 2013 22:42:25 +0100
Source: libav
Binary: libav-tools libav-dbg libav-doc libavutil52 libavcodec54 libavdevice53 libavformat54 libavfilter3 libswscale2 libavutil-dev libavcodec-dev libavdevice-dev libavformat-dev libavfilter-dev libswscale-dev libavresample-dev libavresample1 libavutil-extra-52 libavcodec-extra-54 libavdevice-extra-53 libavfilter-extra-3 libavformat-extra-54 libswscale-extra-2
Architecture: source amd64 all
Version: 6:9.1-1
Distribution: experimental
Urgency: low
Maintainer: Reinhard Tartler <siretart@debian.org>
Changed-By: Reinhard Tartler <siretart@tauware.de>
Description: 
 libav-dbg  - Debug symbols for Libav related packages
 libav-doc  - Documentation of the Libav API
 libav-tools - Multimedia player, server, encoder and transcoder
 libavcodec-dev - Development files for libavcodec
 libavcodec-extra-54 - Libav codec library (additional codecs)
 libavcodec54 - Libav codec library
 libavdevice-dev - Development files for libavdevice
 libavdevice-extra-53 - Libav device handling library (transitional package)
 libavdevice53 - Libav device handling library
 libavfilter-dev - Development files for libavfilter
 libavfilter-extra-3 - Libav filter library (transitional package)
 libavfilter3 - Libav video filtering library
 libavformat-dev - Development files for libavformat
 libavformat-extra-54 - Libav file format library (transitional package)
 libavformat54 - Libav file format library
 libavresample-dev - Development files for libavresample
 libavresample1 - Libav audo resampling library
 libavutil-dev - Development files for libavutil
 libavutil-extra-52 - Libav utility library (transitional package)
 libavutil52 - Libav utility library
 libswscale-dev - Development files for libswscale
 libswscale-extra-2 - Libav video software scaling library (transitional package)
 libswscale2 - Libav video scaling library
Closes: 694483 694657
Changes: 
 libav (6:9.1-1) experimental; urgency=low
 .
   [ Jonas Smedegaard ]
   * Rewrite copyright file using copyright format 1.0.
     Closes: bug#694657. Thanks to Francesco Poli.
   * Include CDBS utils.mk, to track future copyright/licensing changes.
     Build-depend on cdbs. Update README.source.
 .
   [ Reinhard Tartler ]
   * Imported Upstream version 9
     - New releases fixes (among others) CVE-2012-2882 CVE-2012-5359
       CVE-2012-5360 CVE-2012-5361, Closes: #694483
   * drop debian/recordshow.sh
   * ignore shlib-with-non-pic-code also for libavcodec-extra-54
   * make libavcodec54/libavcodec-extra-54 properly conflict/replace each other
Checksums-Sha1: 
 5ca6e6595555145366428debac5ef56312537abc 3432 libav_9.1-1.dsc
 991bf50e6a8b3d290bb84b8113f27e758b115471 4062784 libav_9.1.orig.tar.xz
 156d04790826e994edae4e3cf769bee2adcac56a 68068 libav_9.1-1.debian.tar.gz
 5b43d163d23ba8d9e4053a64fe9ab490b26704a3 3411252 libav-tools_9.1-1_amd64.deb
 1a990e022eca164d2dab568190553afb0595f23e 33658064 libav-dbg_9.1-1_amd64.deb
 7e5a47e1533bc0a24e1ba6ede60c2090c9fc4002 14034188 libav-doc_9.1-1_all.deb
 8146ed3adf7f729d5b3103e2c736f233b569b0bf 105174 libavutil52_9.1-1_amd64.deb
 c0d67da8544381f87958e51ba868cc57c4785083 2473558 libavcodec54_9.1-1_amd64.deb
 372af0a258687edd6d11669ca4df79714f5b3ba5 73246 libavdevice53_9.1-1_amd64.deb
 2145f0ce032beee36e0b11c1b63d0fd6334a875d 515074 libavformat54_9.1-1_amd64.deb
 ac29aed53cef27b58b98850fa3bb85f036b0bc8a 138012 libavfilter3_9.1-1_amd64.deb
 fd2d4deb51c2826ffb7d59f25f70040dc23dc481 125318 libswscale2_9.1-1_amd64.deb
 1d3d3f808687ae4db070dc708c467b38ac121527 150680 libavutil-dev_9.1-1_amd64.deb
 bd40d21dea687b4bf24bfa161bfee7148b7d92fb 2736570 libavcodec-dev_9.1-1_amd64.deb
 bcb8d861562385ae12ec92aee233d6b0daaf03a7 75276 libavdevice-dev_9.1-1_amd64.deb
 dadf8d64b6b7780e9c2c77ea3021e140d6873df6 604236 libavformat-dev_9.1-1_amd64.deb
 e95bb3f2e2ee62de3818957e7a8b26feea1c042b 161156 libavfilter-dev_9.1-1_amd64.deb
 37714f23bc528500d4c5a6481bff5b8fe5bcc32c 136712 libswscale-dev_9.1-1_amd64.deb
 a8acc4c4567c68f73bd126fe59b12181c184c739 88232 libavresample-dev_9.1-1_amd64.deb
 15129c54595392610e563dd415d604e034cf9699 79988 libavresample1_9.1-1_amd64.deb
 0c0126799c0f9162a770adea9fbaf8ca71bc498a 48180 libavutil-extra-52_9.1-1_all.deb
 e68e30ef59937d8d95c7ea4fc4eefe15de21fbbf 2477366 libavcodec-extra-54_9.1-1_amd64.deb
 29ce9245a9978b966f720c7b1f86b83e5f64594f 48182 libavdevice-extra-53_9.1-1_all.deb
 dd13f0229deba4b856fd18645c745ded32505017 48172 libavfilter-extra-3_9.1-1_all.deb
 db1e8d4da92be3f86a9b4fd4747e6ec56e4c6dc4 48182 libavformat-extra-54_9.1-1_all.deb
 18887542d12dbbccf5efd27001c47af3fa917f31 48190 libswscale-extra-2_9.1-1_all.deb
Checksums-Sha256: 
 ea42321e5a8229afc69ee75756b4350aa399b0af5117a1867a5cef9dc5447e9a 3432 libav_9.1-1.dsc
 549969acacd8b341644ef027a058c2499b2ef2f088f7bf23a49f21d747458741 4062784 libav_9.1.orig.tar.xz
 62acbe68cfff70c56ac220cff0a1e29d27daf721a9618f30baed899b4235873c 68068 libav_9.1-1.debian.tar.gz
 a4d078cdf01a36e7dde0d92189c6bdd4bb74dd992f84e674be877c9e839f004d 3411252 libav-tools_9.1-1_amd64.deb
 ff9e8b6a98cd4c0ac35ee5ad833f03dfd7600d83c815ac6621e730afb8189ce2 33658064 libav-dbg_9.1-1_amd64.deb
 e799ca9871f1a145fc6fcc561e46857ebe6d74f3d59246a12835c75a2f30cf75 14034188 libav-doc_9.1-1_all.deb
 54cfc9c12a21aebcf8bf367aca76175b05e7ee882cd70dcf0a298cb9934b5f26 105174 libavutil52_9.1-1_amd64.deb
 5a466cd41578406fa48181091c7aaac208b8fea0457662bd6e6f98177a552de3 2473558 libavcodec54_9.1-1_amd64.deb
 e529e700831019127c964186d0b790f115c1503bfc70ac501bfafe9c95d97870 73246 libavdevice53_9.1-1_amd64.deb
 f21f66b08a2ed64dc41b021f9514b31f3f29b197e07e8fd4d5e373b396e21f89 515074 libavformat54_9.1-1_amd64.deb
 5b834dee7c9aa1d917578bd90e80ffa2f54593609eb8077db800d7f512e5759f 138012 libavfilter3_9.1-1_amd64.deb
 1efbca0fe13749dd75ac741f95e2e055cc668a11fa4e80ba94e684f98b4267fd 125318 libswscale2_9.1-1_amd64.deb
 0b009ce279830a573629ccf895c1f5a54b66d10b36bee2c23cebc34de5562394 150680 libavutil-dev_9.1-1_amd64.deb
 a7034c9427b929029c6e46b855f968bf1b1d2b70936be411f9b135d65e04bb5a 2736570 libavcodec-dev_9.1-1_amd64.deb
 e6bbe2fc1db9d2a667bb486440534ed6ec992d6e4346d3223b1ee570ae0d1528 75276 libavdevice-dev_9.1-1_amd64.deb
 39364a7c869ae0df5e326ff287bdec33c14e3a41c195e51a180f3c3336956fb5 604236 libavformat-dev_9.1-1_amd64.deb
 6cf8d1046f00085771f5f112dea65c8ab88a938750614098a1b293c5404b5b6f 161156 libavfilter-dev_9.1-1_amd64.deb
 22977022c5f6b70852e78f128a49550174b40c3b13f80b7946da62a1f10e7514 136712 libswscale-dev_9.1-1_amd64.deb
 4f8179ff3d66b254a351c5d6fd0bbfcd10095dc1d482988cd3347b3c47819000 88232 libavresample-dev_9.1-1_amd64.deb
 745cff50c3633df56d09b353526e894bb43acba626bf55d336d523d114bd96ae 79988 libavresample1_9.1-1_amd64.deb
 124f0023d9a4d4d9fa81ac1ad49737c3661816edc8b9b04bf2bc4be09a062e72 48180 libavutil-extra-52_9.1-1_all.deb
 8fbc29498b6c355b60e1526ec2ed7ff06b2c9314552f3d9b8848bef90c91ee93 2477366 libavcodec-extra-54_9.1-1_amd64.deb
 a64408067ca5d3831bab3de94a9e7f9f717a74a2fb087f1233bded2db5d9c1a7 48182 libavdevice-extra-53_9.1-1_all.deb
 d6a4dd93d38f78acfed92973ec58c5d0b224309da325813aa260a7c9dbe1c50c 48172 libavfilter-extra-3_9.1-1_all.deb
 6139fbe713dbe0b7ebdc4154179b7c9ba00f9f29a40f606289165f6667712814 48182 libavformat-extra-54_9.1-1_all.deb
 2ae52dd8b91e576a37a592aea66b27d8fd2a6912c8b31294d0a89696aad1b0e5 48190 libswscale-extra-2_9.1-1_all.deb
Files: 
 a34391f104611301039e42761a0e4f1d 3432 libs optional libav_9.1-1.dsc
 6c70d41a452762d16162f4d66120efbe 4062784 libs optional libav_9.1.orig.tar.xz
 2b85dd28916a3bbf00cb6f832417c367 68068 libs optional libav_9.1-1.debian.tar.gz
 f4d2550b8e964627175a00dd3ebde1c4 3411252 video optional libav-tools_9.1-1_amd64.deb
 9122bb1d4dcacf61b74ecd66d002a0c2 33658064 debug extra libav-dbg_9.1-1_amd64.deb
 d0e79b8e2a2ce98b3d7e778648260d4e 14034188 doc optional libav-doc_9.1-1_all.deb
 8d22bf49996a6dc98a3ee9d6aa53e965 105174 libs optional libavutil52_9.1-1_amd64.deb
 6e13e13e6fa39ac5491426ecf7479afc 2473558 libs optional libavcodec54_9.1-1_amd64.deb
 a90e262efd68308a8440401b92d8d4fa 73246 libs optional libavdevice53_9.1-1_amd64.deb
 2bb3390a6ee54be244dfb9bd53a96aa6 515074 libs optional libavformat54_9.1-1_amd64.deb
 1864d79ed1eeeea825bb2e159cd3b832 138012 libs optional libavfilter3_9.1-1_amd64.deb
 d0cc9537821ce2d660b72788eda39f35 125318 libs optional libswscale2_9.1-1_amd64.deb
 cb77c3b99bb66c5358a2b5c3566be7fe 150680 libdevel optional libavutil-dev_9.1-1_amd64.deb
 cac1ea713ea765140deee008905e3764 2736570 libdevel optional libavcodec-dev_9.1-1_amd64.deb
 546dd6325fa66526794bf468bfd72c43 75276 libdevel optional libavdevice-dev_9.1-1_amd64.deb
 ad64dd638dc5c20ebb28988dc5f287aa 604236 libdevel optional libavformat-dev_9.1-1_amd64.deb
 84651f821c2c337fc051f509c82405e8 161156 libdevel optional libavfilter-dev_9.1-1_amd64.deb
 8d4e45343e20371d5f2ff6539a9d228f 136712 libdevel optional libswscale-dev_9.1-1_amd64.deb
 f998162a8c06172025141843fb2d3ea1 88232 libdevel optional libavresample-dev_9.1-1_amd64.deb
 88f2c9f3cac115790c079f3c44082c8c 79988 libs optional libavresample1_9.1-1_amd64.deb
 9fb0a4da99d9af5ba644bf8965caa09c 48180 oldlibs extra libavutil-extra-52_9.1-1_all.deb
 17fcfcbf8304353d3975fc3f8bbf8c48 2477366 libs optional libavcodec-extra-54_9.1-1_amd64.deb
 0fc0129f97a801ccf5141f92aae0cf06 48182 oldlibs extra libavdevice-extra-53_9.1-1_all.deb
 7dd8d82fae7f16f6b4510bceb49cd7f2 48172 oldlibs extra libavfilter-extra-3_9.1-1_all.deb
 b225117a25a8a744be5eee586eaaf61d 48182 oldlibs extra libavformat-extra-54_9.1-1_all.deb
 80bc16bc31659ffad9f0f878dee3862b 48190 oldlibs extra libswscale-extra-2_9.1-1_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (GNU/Linux)
Comment: Debian Powered!

iEYEARECAAYFAlDtDRkACgkQmAg1RJRTSKSwvwCdGRsz43GEWMjHBGWcuuSETu4H
3/sAnjA0+sG5spC/hiCnTktggtXbSW+5
=cE85
-----END PGP SIGNATURE-----

Message #32 received at 694483-close@bugs.debian.org (full text, mbox, reply):

From: Reinhard Tartler <siretart@tauware.de>

To: 694483-close@bugs.debian.org

Subject: Bug#694483: fixed in libav 6:0.8.5-1

Date: Sun, 13 Jan 2013 15:33:10 +0000

Source: libav
Source-Version: 6:0.8.5-1

We believe that the bug you reported is fixed in the latest version of
libav, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 694483@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Reinhard Tartler <siretart@tauware.de> (supplier of updated libav package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sun, 13 Jan 2013 11:56:59 +0100
Source: libav
Binary: libav-tools ffmpeg ffmpeg-dbg libav-dbg libav-extra-dbg ffmpeg-doc libav-doc libavutil51 libavcodec53 libavdevice53 libavformat53 libavfilter2 libpostproc52 libswscale2 libavutil-dev libavcodec-dev libavdevice-dev libavformat-dev libavfilter-dev libpostproc-dev libswscale-dev libavutil-extra-51 libavcodec-extra-53 libavdevice-extra-53 libavfilter-extra-2 libpostproc-extra-52 libavformat-extra-53 libswscale-extra-2
Architecture: source amd64 all
Version: 6:0.8.5-1
Distribution: unstable
Urgency: low
Maintainer: Reinhard Tartler <siretart@debian.org>
Changed-By: Reinhard Tartler <siretart@tauware.de>
Description: 
 ffmpeg     - Multimedia player, server, encoder and transcoder (transitional p
 ffmpeg-dbg - Debug symbols for Libav related packages (transitional package)
 ffmpeg-doc - Documentation of the Libav API (transitional package)
 libav-dbg  - Debug symbols for Libav related packages
 libav-doc  - Documentation of the Libav API
 libav-extra-dbg - Debug symbols for Libav related packages (transitional package)
 libav-tools - Multimedia player, server, encoder and transcoder
 libavcodec-dev - Development files for libavcodec
 libavcodec-extra-53 - Libav codec library (additional codecs)
 libavcodec53 - Libav codec library
 libavdevice-dev - Development files for libavdevice
 libavdevice-extra-53 - Libav device handling library (transitional package)
 libavdevice53 - Libav device handling library
 libavfilter-dev - Development files for libavfilter
 libavfilter-extra-2 - Libav filter library (transitional package)
 libavfilter2 - Libav video filtering library
 libavformat-dev - Development files for libavformat
 libavformat-extra-53 - Libav video postprocessing library (transitional package)
 libavformat53 - Libav file format library
 libavutil-dev - Development files for libavutil
 libavutil-extra-51 - Libav utility library (transitional package)
 libavutil51 - Libav utility library
 libpostproc-dev - Development files for libpostproc
 libpostproc-extra-52 - Libav video postprocessing library (transitional package)
 libpostproc52 - Libav video postprocessing library
 libswscale-dev - Development files for libswscale
 libswscale-extra-2 - Libav video software scaling library (transitional package)
 libswscale2 - Libav video scaling library
Closes: 694483
Changes: 
 libav (6:0.8.5-1) unstable; urgency=low
 .
   * New upstream security/bugfix release. New releases fixes
     (bug numbers reference http://bugzilla.libav.org, Closes: #694483)
     - Indeo 4 (CVE-2012-2791)
     - VP5/VP6 (CVE-2012-2783)
     - Indeo 3 (CVE-2012-2804)
     - MPEG-1/2 (CVE-2012-2803)
     - MP3 (CVE-2012-2797)
     - AAC (CVE-2012-5144)
     - AC-3 (CVE-2012-2802)
     - AVS (CVE-2012-2801)
     - DFA (CVE-2012-2798)
     - ID3v2 (Bug 395)
     - Serious Memory leaks on broken Ogg files
   * drop recordshow script. This clearly undermaintained script has
     unclear copyright status and is unlikely to work properly anyways.
Checksums-Sha1: 
 02d01674933c9825566a4a72f274d0343bb05fa7 3680 libav_0.8.5-1.dsc
 ab25c6446063e4a19eeab7c1c64b19790c099d5b 5287702 libav_0.8.5.orig.tar.gz
 252fe38c1e991f0825f15e23c62e65e6d76fe577 41573 libav_0.8.5-1.debian.tar.gz
 81312682ce2e724948609e8dd4ccda2c5b8c7378 363736 libav-tools_0.8.5-1_amd64.deb
 1a56a5bc7b7932e38d175e25c1d65ddbde815675 137958 ffmpeg_0.8.5-1_amd64.deb
 ffbb059515a2a37a7f4014ec6ace40900be0693f 43040 ffmpeg-dbg_0.8.5-1_all.deb
 8c6f7914a1d62c975795588166ac2e9caebbc69d 21706086 libav-dbg_0.8.5-1_amd64.deb
 2e646fd0cf98918c06e56e35d53580ff27f12d5a 43034 libav-extra-dbg_0.8.5-1_all.deb
 d52cbd18b0ba9f8c2b233eb0e4bad774814f6ace 43102 ffmpeg-doc_0.8.5-1_all.deb
 9061f56f3811c4686f9109b1e91aa64916c4f65a 12444332 libav-doc_0.8.5-1_all.deb
 56dfa14e3ae4ea36b3af3d44f96f334d25c79405 92428 libavutil51_0.8.5-1_amd64.deb
 28c7164edad7f284077cd33718125b2caffe3914 2502832 libavcodec53_0.8.5-1_amd64.deb
 399dcbc96b781c9a99c129cfeee75ac36c4dab30 68180 libavdevice53_0.8.5-1_amd64.deb
 8cb216e4f5bab8adbea6ef5d761b0afcf620da6e 463710 libavformat53_0.8.5-1_amd64.deb
 a4a57be05a8b5063085e4e724bd8288f4f2f5677 114538 libavfilter2_0.8.5-1_amd64.deb
 1c76e7bcc6adf9573eba6147e453b59e5c705b5e 88558 libpostproc52_0.8.5-1_amd64.deb
 812a4bd4f022cc8c486ce9d3916c2a85890a79d2 120416 libswscale2_0.8.5-1_amd64.deb
 a19ba3776e182b1e09a8d263f557ba1ac343ef70 132508 libavutil-dev_0.8.5-1_amd64.deb
 7463a1bcfeca6ee5612569c5e5efb180bdcec3e9 2747356 libavcodec-dev_0.8.5-1_amd64.deb
 33113e79daef3da3518797f86e0a5925b85f0315 70058 libavdevice-dev_0.8.5-1_amd64.deb
 2406dbdc574cf3ff961233bd2666098561ef9902 549968 libavformat-dev_0.8.5-1_amd64.deb
 5e3d1780b899b2655be1d0316ce3f7fc2e211069 133894 libavfilter-dev_0.8.5-1_amd64.deb
 f6f7f8a63f5b0b37d453c3222b50b53dde88042b 88696 libpostproc-dev_0.8.5-1_amd64.deb
 aea9a466bb468a8a1b1746f3f53ec1a732d4e1e9 130846 libswscale-dev_0.8.5-1_amd64.deb
 a5a4bfdf8bbb005f4625730e83b8ffcb5ac1b8b8 43068 libavutil-extra-51_0.8.5-1_all.deb
 ea19763d54bcea6ac69db54e97036ca83db0ce0c 2505964 libavcodec-extra-53_0.8.5-1_amd64.deb
 39d9910e5ccc74d955119d952c83d617d9c1a95f 43072 libavdevice-extra-53_0.8.5-1_all.deb
 221ed783b3e05d8353f24750d23416ae777eb1fb 43070 libavfilter-extra-2_0.8.5-1_all.deb
 0bb53051479cefd9737a6119b4ed8a0bb3efe365 43080 libpostproc-extra-52_0.8.5-1_all.deb
 7c4f559e3d66104f7480de4da33215aa58f49438 43072 libavformat-extra-53_0.8.5-1_all.deb
 97575677fa5b014a653ed61e9c71599ad77511ad 43062 libswscale-extra-2_0.8.5-1_all.deb
Checksums-Sha256: 
 57466257fd9a39b9cc61995558aaf0d6a80f4f073ebf2a5e86857699828df486 3680 libav_0.8.5-1.dsc
 3a1bb6d484fe0b6989befce1b49da6e1cac98c2828bd7b352f782909685e1a77 5287702 libav_0.8.5.orig.tar.gz
 98ce86c3ae0bf574b6874f1623aa4343da446ef471ecb0674b8a0d50d3dfd255 41573 libav_0.8.5-1.debian.tar.gz
 aad554227daecbbf8d782a6d68a3997347fbc824bd20bab57579d9202b894d52 363736 libav-tools_0.8.5-1_amd64.deb
 16c12231989d2cf15dd960a4ddef622f8c27018b9c3e2b3532f7fc8a7f042b26 137958 ffmpeg_0.8.5-1_amd64.deb
 cf2e0a0f3f4d0f3220ab084f951f15f956ed29dc89bb60b94b02f754eb61be14 43040 ffmpeg-dbg_0.8.5-1_all.deb
 88bcb97fde0b08e2fb16617b810e72e85a79f35353f8194d705d989ce357721b 21706086 libav-dbg_0.8.5-1_amd64.deb
 d86fc49d15ac2cdb0c318095c5b41f6be439c7bb041041ddcaee1aaf025ea813 43034 libav-extra-dbg_0.8.5-1_all.deb
 2aa93d48bffb3ffd8c81887788731ab679e951385cbcf4d7e79d7a2f11873c6d 43102 ffmpeg-doc_0.8.5-1_all.deb
 fefecfbc0c048076a49dceb1fc29af9c5cb433ed84a8aafa98e8904d69a525d7 12444332 libav-doc_0.8.5-1_all.deb
 ca0b2a1c5dff5f303fdca80a360272f548542a0f9ba55c27706d80200a971125 92428 libavutil51_0.8.5-1_amd64.deb
 a55b4a938a5cfb67fbd3ec57e4065d0207e3a8bdc93b307edae7c06c6650bbb6 2502832 libavcodec53_0.8.5-1_amd64.deb
 2735602fefac3a3a7ca52fec69c4848930b9040dfc15b40439d6d135c14cf08e 68180 libavdevice53_0.8.5-1_amd64.deb
 9e86be209bdcf29ecc7cde941eb063d6aac20376e6f835cd844ad7c0a8de7d65 463710 libavformat53_0.8.5-1_amd64.deb
 99d2cc03e1a1f8b163774c2ee801b1cc3fa2724a28ef05b0c222b02ddef11e5b 114538 libavfilter2_0.8.5-1_amd64.deb
 1be517a5be43426bf2638b0f867762f9f798084079c6fb9d352b7635558ade78 88558 libpostproc52_0.8.5-1_amd64.deb
 ae8c89f9f7fc207e97ad46d7a0aa5193c1d866219834816e43e94384697660ce 120416 libswscale2_0.8.5-1_amd64.deb
 068d0a42787d9d8c3cc347a63cd015ba07c12dd6843891f16ff0624f4d200ec6 132508 libavutil-dev_0.8.5-1_amd64.deb
 45b5484f8ab6162557caa6eb967288d8efbabb575abba800734e5edcfe1ff5dd 2747356 libavcodec-dev_0.8.5-1_amd64.deb
 858ebd287462705cc5acca2cd2d96bf7dc7c3dd2b708ad25b5d3691b1eaab29d 70058 libavdevice-dev_0.8.5-1_amd64.deb
 75d0e9434defb4bad9e29b79634198286e14a9b7ac4facbb264225666692d128 549968 libavformat-dev_0.8.5-1_amd64.deb
 53c02830b3a241bb8ca08d1d5732a0562d7a7ce73a7602e3130c919ae6f7eeff 133894 libavfilter-dev_0.8.5-1_amd64.deb
 dee9317ef414090f50253dbdaaeca9e014c5a54a6800dd4c531bc6c418eac4d5 88696 libpostproc-dev_0.8.5-1_amd64.deb
 3a2f905866bafceb0225eae6618e15d14de95d33c1e118ee8fbcc47264b5e575 130846 libswscale-dev_0.8.5-1_amd64.deb
 9dc30c8a6f1e74d3114563c3c29b905d5be8e5d8e125bc953b4c54803f5f6b47 43068 libavutil-extra-51_0.8.5-1_all.deb
 d16eeae1c8cd3c0bf5df9eb20525df090adecefc55e4c81af8909ac76d8817e4 2505964 libavcodec-extra-53_0.8.5-1_amd64.deb
 37b380ba50481cf1466364c9f9980a6f83aeaa3e424a4fc8bd32a31d5e3bb481 43072 libavdevice-extra-53_0.8.5-1_all.deb
 66c26ae4518d8d9818033b08e6b50057bf84117cc610050fe8239fe4b0230f33 43070 libavfilter-extra-2_0.8.5-1_all.deb
 6ba387f429b30f334049628eca6ec005074a5a67fdc41f0de26fd0e8b88ac26c 43080 libpostproc-extra-52_0.8.5-1_all.deb
 b8819df0b23bba0b40449cef904a6df2d2aee68a9ed75e9ed9eff04f1cd9b7a2 43072 libavformat-extra-53_0.8.5-1_all.deb
 afa49dc404fcbdaff562951ded15747e24acdeca9480e3638b8216c02c21486f 43062 libswscale-extra-2_0.8.5-1_all.deb
Files: 
 110501920c9412133bf1fddf6a59b5ab 3680 libs optional libav_0.8.5-1.dsc
 69c0760e51f6c343a13715ea2e388f90 5287702 libs optional libav_0.8.5.orig.tar.gz
 5ccf7065d28f29e8a804d38df082d521 41573 libs optional libav_0.8.5-1.debian.tar.gz
 4869bb083748b6b39118d9b3471a1d6e 363736 video optional libav-tools_0.8.5-1_amd64.deb
 2914f816bcb4dfce980fdccef6d99521 137958 oldlibs extra ffmpeg_0.8.5-1_amd64.deb
 3b528d9ea77fb2066eee4518e13732af 43040 oldlibs extra ffmpeg-dbg_0.8.5-1_all.deb
 1aa4ba0451f12c8811838fc7f698ccab 21706086 debug extra libav-dbg_0.8.5-1_amd64.deb
 108edfa9cd191dc13922c1727db7487e 43034 oldlibs extra libav-extra-dbg_0.8.5-1_all.deb
 f69ef21dbb722802704fde40b8829181 43102 oldlibs extra ffmpeg-doc_0.8.5-1_all.deb
 27a472ecd5b168b982d4a8d595931d3a 12444332 doc optional libav-doc_0.8.5-1_all.deb
 7f2d0632349d576235948a47ea42d1e7 92428 libs optional libavutil51_0.8.5-1_amd64.deb
 b2ef0b9e80dfdd6c9b8a1fa450aa4efd 2502832 libs optional libavcodec53_0.8.5-1_amd64.deb
 69be0939267c4e773698e213a96587b3 68180 libs optional libavdevice53_0.8.5-1_amd64.deb
 3462f54071aa2bb0cc563e14336dfd91 463710 libs optional libavformat53_0.8.5-1_amd64.deb
 024272f4e4555e9dfe5084f962143bd9 114538 libs optional libavfilter2_0.8.5-1_amd64.deb
 28262fa41c25b6c4685253f5a9e320d4 88558 libs optional libpostproc52_0.8.5-1_amd64.deb
 d8a1265154267be408e5fc46366d027a 120416 libs optional libswscale2_0.8.5-1_amd64.deb
 d532ca2f420245d8366a813fcb4dc5e2 132508 libdevel optional libavutil-dev_0.8.5-1_amd64.deb
 248b03817ae428268bd2a2c10ce19c86 2747356 libdevel optional libavcodec-dev_0.8.5-1_amd64.deb
 300a9c63e5778cd211e3261308761002 70058 libdevel optional libavdevice-dev_0.8.5-1_amd64.deb
 251bde6a2442f67f348b06f4461525df 549968 libdevel optional libavformat-dev_0.8.5-1_amd64.deb
 fc0f6393302b71da3b21ba237ced0ad7 133894 libdevel optional libavfilter-dev_0.8.5-1_amd64.deb
 3dbf946f10bafc0d3a3a222d7a2a9092 88696 libdevel optional libpostproc-dev_0.8.5-1_amd64.deb
 1938a5517fe96e788dfe5119401211f3 130846 libdevel optional libswscale-dev_0.8.5-1_amd64.deb
 0a57dfe1063e59d37ecd515e58021a8b 43068 oldlibs extra libavutil-extra-51_0.8.5-1_all.deb
 fe3fb3a89585259c2a00d075fe439701 2505964 libs optional libavcodec-extra-53_0.8.5-1_amd64.deb
 2bbd88476c859aec46dc023160dcd9ec 43072 oldlibs extra libavdevice-extra-53_0.8.5-1_all.deb
 147ed94c0dc1956cca7fa4a7132975df 43070 oldlibs extra libavfilter-extra-2_0.8.5-1_all.deb
 ec0f2a6427170951d45c50ac573be8f1 43080 oldlibs extra libpostproc-extra-52_0.8.5-1_all.deb
 e968f2749006bc397b1ba4b8b3c706ed 43072 oldlibs extra libavformat-extra-53_0.8.5-1_all.deb
 0bffe36ac9c5201e0c9a75d3e7ccbb99 43062 oldlibs extra libswscale-extra-2_0.8.5-1_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (GNU/Linux)
Comment: Debian Powered!

iEYEARECAAYFAlDyzz8ACgkQmAg1RJRTSKQ++wCdFvWAO+21kfOv+R56rkm0bSIt
ZXAAoICSjLBqE9XjdBHXMC4RoNcqZgps
=7RrI
-----END PGP SIGNATURE-----

Send a report that this bug log contains spam.