Package: src:libav; Maintainer for src:libav is Debian Multimedia Maintainers <pkg-multimedia-maintainers@lists.alioth.debian.org>;
Reported by: Michael Gilbert <mgilbert@debian.org>
Date: Sat, 16 Mar 2013 20:12:02 UTC
Severity: grave
Tags: security
Found in version libav/6:0.8.5-1
Fixed in versions libav/6:9.4-1, libav/6:0.8.6-1
Done: Reinhard Tartler <siretart@tauware.de>
Bug is archived. No further changes may be made.
Report forwarded to debian-bugs-dist@lists.debian.org, Debian Multimedia Maintainers <pkg-multimedia-maintainers@lists.alioth.debian.org>: Bug#703200; Package src:libav. (Sat, 16 Mar 2013 20:12:05 GMT)
Acknowledgement sent to Michael Gilbert <mgilbert@debian.org>: New Bug report received and forwarded. Copy sent to Debian Multimedia Maintainers <pkg-multimedia-maintainers@lists.alioth.debian.org>. (Sat, 16 Mar 2013 20:12:05 GMT)
Message #5 received at submit@bugs.debian.org:
package: src:libav
severity: grave
version: 6:0.8.5-1

Hi,
the following vulnerabilities were published for libav. These are
currently unfixed in 0.8.5-1.

CVE-2013-0894[0]:
| Buffer overflow in the vorbis_parse_setup_hdr_floors function in the
| Vorbis decoder in vorbisdec.c in libavcodec in FFmpeg through 1.1.3,
| as used in Google Chrome before 25.0.1364.97 on Windows and Linux and
| before 25.0.1364.99 on Mac OS X and other products, allows remote
| attackers to cause a denial of service (divide-by-zero error or
| out-of-bounds array access) or possibly have unspecified other impact
| via vectors involving a zero value for a bark map size.

CVE-2013-2277[1]:
| The ff_h264_decode_seq_parameter_set function in h264_ps.c in
| libavcodec in FFmpeg before 1.1.3 does not validate the relationship
| between luma depth and chroma depth, which allows remote attackers to
| cause a denial of service (out-of-bounds array access and application
| crash) or possibly have unspecified other impact via crafted H.264
| data.

CVE-2013-2495[2]:
| The iff_read_header function in iff.c in libavformat in FFmpeg through
| 1.1.3 does not properly handle data sizes for Interchange File Format
| (IFF) data during operations involving a CMAP chunk or a video codec,
| which allows remote attackers to cause a denial of service (integer
| overflow, out-of-bounds array access, and application crash) or
| possibly have unspecified other impact via a crafted header.

CVE-2013-2496[3]:
| The msrle_decode_8_16_24_32 function in msrledec.c in libavcodec in
| FFmpeg through 1.1.3 does not properly determine certain end pointers,
| which allows remote attackers to cause a denial of service
| (out-of-bounds array access and application crash) or possibly have
| unspecified other impact via crafted Microsoft RLE data.

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0894
    http://security-tracker.debian.org/tracker/CVE-2013-0894
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2277
    http://security-tracker.debian.org/tracker/CVE-2013-2277
[2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2495
    http://security-tracker.debian.org/tracker/CVE-2013-2495
[3] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2496
    http://security-tracker.debian.org/tracker/CVE-2013-2496
Information forwarded to debian-bugs-dist@lists.debian.org, Debian Multimedia Maintainers <pkg-multimedia-maintainers@lists.alioth.debian.org>: Bug#703200; Package src:libav. (Sun, 17 Mar 2013 09:24:07 GMT)
Acknowledgement sent to Reinhard Tartler <siretart@gmail.com>: Extra info received and forwarded to list. Copy sent to Debian Multimedia Maintainers <pkg-multimedia-maintainers@lists.alioth.debian.org>. (Sun, 17 Mar 2013 09:24:07 GMT)
Message #10 received at 703200@bugs.debian.org:
On Sat, Mar 16, 2013 at 9:09 PM, Michael Gilbert <mgilbert@debian.org> wrote:
> package: src:libav
> severity: grave
> version: 6:0.8.5-1
>
> Hi, the following vulnerabilities were published for libav. These are
> currently unfixed in 0.8.5-1.
>
> CVE-2013-0894[0]:
> | Buffer overflow in the vorbis_parse_setup_hdr_floors function in the
> | Vorbis decoder in vorbisdec.c in libavcodec in FFmpeg through 1.1.3,
> | as used in Google Chrome before 25.0.1364.97 on Windows and Linux and
> | before 25.0.1364.99 on Mac OS X and other products, allows remote
> | attackers to cause a denial of service (divide-by-zero error or
> | out-of-bounds array access) or possibly have unspecified other impact
> | via vectors involving a zero value for a bark map size.

scheduled for 0.8.6, commit v0.8.5-12-ge050af9

> CVE-2013-2277[1]:
> | The ff_h264_decode_seq_parameter_set function in h264_ps.c in
> | libavcodec in FFmpeg before 1.1.3 does not validate the relationship
> | between luma depth and chroma depth, which allows remote attackers to
> | cause a denial of service (out-of-bounds array access and application
> | crash) or possibly have unspecified other impact via crafted H.264
> | data.
>

Scheduled for 0.8.6, commit v0.8.5-19-g9e48d77

> CVE-2013-2495[2]:
> | The iff_read_header function in iff.c in libavformat in FFmpeg through
> | 1.1.3 does not properly handle data sizes for Interchange File Format
> | (IFF) data during operations involving a CMAP chunk or a video codec,
> | which allows remote attackers to cause a denial of service (integer
> | overflow, out-of-bounds array access, and application crash) or
> | possibly have unspecified other impact via a crafted header.

Patch proposed: http://patches.libav.org/patch/36075/

We are currently discussing this issue; we are unsure if the fix from
FFmpeg is correct.

> CVE-2013-2496[3]:
> | The msrle_decode_8_16_24_32 function in msrledec.c in libavcodec in
> | FFmpeg through 1.1.3 does not properly determine certain end pointers,
> | which allows remote attackers to cause a denial of service
> | (out-of-bounds array access and application crash) or possibly have
> | unspecified other impact via crafted Microsoft RLE data.

scheduled for 0.8.6, commit v0.8.5-38-g4160398

> If you fix the vulnerabilities please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

Will do.

As for the timeline, I actually intended to release 0.8.6 this
weekend, but since you have raised these four issues, I'm considering
delaying the release for another week to allow further testing, esp.
given that one of the issues did not even land in master yet.

Thanks for raising these security issues.

--
regards,
    Reinhard
Added tag(s) security. Request was from Steven Chamberlain <steven@pyro.eu.org> to control@bugs.debian.org. (Sat, 23 Mar 2013 19:30:07 GMT)
Reply sent to Reinhard Tartler <siretart@tauware.de>: You have taken responsibility. (Sun, 24 Mar 2013 18:06:04 GMT)
Notification sent to Michael Gilbert <mgilbert@debian.org>: Bug acknowledged by developer. (Sun, 24 Mar 2013 18:06:04 GMT)
Message #17 received at 703200-close@bugs.debian.org:
Source: libav
Source-Version: 6:9.4-1

We believe that the bug you reported is fixed in the latest version of
libav, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 703200@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Reinhard Tartler <siretart@tauware.de> (supplier of updated libav package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)

Format: 1.8
Date: Sun, 24 Mar 2013 07:30:01 +0100
Source: libav
Binary: libav-tools libav-dbg libav-doc libavutil52 libavcodec54 libavdevice53
 libavformat54 libavfilter3 libswscale2 libavutil-dev libavcodec-dev
 libavdevice-dev libavformat-dev libavfilter-dev libswscale-dev
 libavresample-dev libavresample1 libavutil-extra-52 libavcodec-extra-54
 libavdevice-extra-53 libavfilter-extra-3 libavformat-extra-54
 libswscale-extra-2
Architecture: source i386 all
Version: 6:9.4-1
Distribution: experimental
Urgency: low
Maintainer: Reinhard Tartler <siretart@debian.org>
Changed-By: Reinhard Tartler <siretart@tauware.de>
Description:
 libav-dbg - Debug symbols for Libav related packages
 libav-doc - Documentation of the Libav API
 libav-tools - Multimedia player, server, encoder and transcoder
 libavcodec-dev - Development files for libavcodec
 libavcodec-extra-54 - Libav codec library (additional codecs)
 libavcodec54 - Libav codec library
 libavdevice-dev - Development files for libavdevice
 libavdevice-extra-53 - Libav device handling library (transitional package)
 libavdevice53 - Libav device handling library
 libavfilter-dev - Development files for libavfilter
 libavfilter-extra-3 - Libav filter library (transitional package)
 libavfilter3 - Libav video filtering library
 libavformat-dev - Development files for libavformat
 libavformat-extra-54 - Libav file format library (transitional package)
 libavformat54 - Libav file format library
 libavresample-dev - Development files for libavresample
 libavresample1 - Libav audio resampling library
 libavutil-dev - Development files for libavutil
 libavutil-extra-52 - Libav utility library (transitional package)
 libavutil52 - Libav utility library
 libswscale-dev - Development files for libswscale
 libswscale-extra-2 - Libav video software scaling library (transitional package)
 libswscale2 - Libav video scaling library
Closes: 703200
Changes:
 libav (6:9.4-1) experimental; urgency=low
 .
   * Imported Upstream version 9.4
     - h264: check for luma and chroma bit depth being equal (CVE-2013-2277)
     - iff: validate CMAP palette size (CVE-2013-2495)
     - Thus, closes: #703200
   * debian/watch: download xz files and tighten checks
Reply sent to Reinhard Tartler <siretart@tauware.de>: You have taken responsibility. (Sun, 24 Mar 2013 18:21:15 GMT)
Notification sent to Michael Gilbert <mgilbert@debian.org>: Bug acknowledged by developer. (Sun, 24 Mar 2013 18:21:15 GMT)
Message #22 received at 703200-close@bugs.debian.org:
Source: libav
Source-Version: 6:0.8.6-1

We believe that the bug you reported is fixed in the latest version of
libav, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 703200@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Reinhard Tartler <siretart@tauware.de> (supplier of updated libav package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)

Format: 1.8
Date: Sun, 24 Mar 2013 07:35:51 +0100
Source: libav
Binary: libav-tools ffmpeg ffmpeg-dbg libav-dbg libav-extra-dbg ffmpeg-doc
 libav-doc libavutil51 libavcodec53 libavdevice53 libavformat53 libavfilter2
 libpostproc52 libswscale2 libavutil-dev libavcodec-dev libavdevice-dev
 libavformat-dev libavfilter-dev libpostproc-dev libswscale-dev
 libavutil-extra-51 libavcodec-extra-53 libavdevice-extra-53
 libavfilter-extra-2 libpostproc-extra-52 libavformat-extra-53
 libswscale-extra-2
Architecture: source i386 all
Version: 6:0.8.6-1
Distribution: unstable
Urgency: low
Maintainer: Reinhard Tartler <siretart@debian.org>
Changed-By: Reinhard Tartler <siretart@tauware.de>
Description:
 ffmpeg - Multimedia player, server, encoder and transcoder (transitional p
 ffmpeg-dbg - Debug symbols for Libav related packages (transitional package)
 ffmpeg-doc - Documentation of the Libav API (transitional package)
 libav-dbg - Debug symbols for Libav related packages
 libav-doc - Documentation of the Libav API
 libav-extra-dbg - Debug symbols for Libav related packages (transitional package)
 libav-tools - Multimedia player, server, encoder and transcoder
 libavcodec-dev - Development files for libavcodec
 libavcodec-extra-53 - Libav codec library (additional codecs)
 libavcodec53 - Libav codec library
 libavdevice-dev - Development files for libavdevice
 libavdevice-extra-53 - Libav device handling library (transitional package)
 libavdevice53 - Libav device handling library
 libavfilter-dev - Development files for libavfilter
 libavfilter-extra-2 - Libav filter library (transitional package)
 libavfilter2 - Libav video filtering library
 libavformat-dev - Development files for libavformat
 libavformat-extra-53 - Libav video postprocessing library (transitional package)
 libavformat53 - Libav file format library
 libavutil-dev - Development files for libavutil
 libavutil-extra-51 - Libav utility library (transitional package)
 libavutil51 - Libav utility library
 libpostproc-dev - Development files for libpostproc
 libpostproc-extra-52 - Libav video postprocessing library (transitional package)
 libpostproc52 - Libav video postprocessing library
 libswscale-dev - Development files for libswscale
 libswscale-extra-2 - Libav video software scaling library (transitional package)
 libswscale2 - Libav video scaling library
Closes: 703200
Changes:
 libav (6:0.8.6-1) unstable; urgency=low
 .
   * Imported Upstream version 0.8.6, new releases fixes:
     - h264: check for luma and chroma bit depth being equal (CVE-2013-2277)
     - iff: validate CMAP palette size (CVE-2013-2495)
     - msrledec: convert to bytestream2 API and add proper bounds checking
       (CVE-2013-2496)
     - vorbisdec: Error on bark_map_size equal to 0 (CVE-2013-0894)
     - Thus, closes: #703200
Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sat, 27 Apr 2013 07:25:54 GMT)