CVE-2010-3249: FLIC vulnerability

Related Vulnerabilities: CVE-2010-3249   CVE-2010-3429  

Debian Bug report logs - #598590
CVE-2010-3249: FLIC vulnerability

Reported by: Moritz Muehlenhoff <muehlenhoff@univention.de>

Date: Thu, 30 Sep 2010 10:12:01 UTC

Severity: grave

Tags: security

Found in version ffmpeg/4:0.5.2-5

Fixed in version ffmpeg/4:0.5.2-6

Done: Reinhard Tartler <siretart@tauware.de>

Bug is archived. No further changes may be made.


Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, unknown-package@qa.debian.org:
Bug#598590; Package libavcodec0d. (Thu, 30 Sep 2010 10:12:04 GMT)


Acknowledgement sent to Moritz Muehlenhoff <muehlenhoff@univention.de>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, unknown-package@qa.debian.org. (Thu, 30 Sep 2010 10:12:04 GMT)


Message #5 received at submit@bugs.debian.org:

From: Moritz Muehlenhoff <muehlenhoff@univention.de>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: CVE-2010-3249: FLIC vulnerabiliry
Date: Thu, 30 Sep 2010 12:09:41 +0200
Package: libavcodec0d
Severity: grave
Tags: security
Justification: user security hole

FYI: http://www.ocert.org/advisories/ocert-2010-004.html

Cheers,
        Moritz

-- System Information:
Architecture: amd64 (x86_64)
Shell:  /bin/sh linked to /bin/bash
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)




Information forwarded to debian-bugs-dist@lists.debian.org, unknown-package@qa.debian.org:
Bug#598590; Package libavcodec0d. (Thu, 30 Sep 2010 10:27:13 GMT)


Acknowledgement sent to Martin Michlmayr <tbm@cyrius.com>:
Extra info received and forwarded to list. Copy sent to unknown-package@qa.debian.org. (Thu, 30 Sep 2010 10:27:14 GMT)


Message #10 received at 598590@bugs.debian.org:

From: Martin Michlmayr <tbm@cyrius.com>
To: Moritz Muehlenhoff <muehlenhoff@univention.de>, 598590@bugs.debian.org
Subject: Re: Bug#598590: CVE-2010-3249: FLIC vulnerabiliry
Date: Thu, 30 Sep 2010 12:24:53 +0200
* Moritz Muehlenhoff <muehlenhoff@univention.de> [2010-09-30 12:09]:
> Package: libavcodec0d

Do you mean libavcodec52?  Or libavcodec-dev?

-- 
Martin Michlmayr
http://www.cyrius.com/




Bug reassigned from package 'libavcodec0d' to 'ffmpeg'. Request was from Giuseppe Iuculano <iuculano@debian.org> to control@bugs.debian.org. (Sun, 03 Oct 2010 09:45:05 GMT)


Bug Marked as found in versions ffmpeg/4:0.5.2-5. Request was from Giuseppe Iuculano <iuculano@debian.org> to control@bugs.debian.org. (Sun, 03 Oct 2010 09:45:06 GMT)


Information forwarded to debian-bugs-dist@lists.debian.org, Debian multimedia packages maintainers <pkg-multimedia-maintainers@lists.alioth.debian.org>:
Bug#598590; Package ffmpeg. (Mon, 04 Oct 2010 11:24:05 GMT)


Acknowledgement sent to Martin Michlmayr <tbm@cyrius.com>:
Extra info received and forwarded to list. Copy sent to Debian multimedia packages maintainers <pkg-multimedia-maintainers@lists.alioth.debian.org>. (Mon, 04 Oct 2010 11:24:05 GMT)


Message #19 received at 598590@bugs.debian.org:

From: Martin Michlmayr <tbm@cyrius.com>
To: 598590@bugs.debian.org
Cc: muehlenhoff@univention.de
Subject: wrong CVE
Date: Mon, 4 Oct 2010 13:20:27 +0200
----- Forwarded message from Kurt Seifried <kurt@> -----

Date: Sun, 3 Oct 2010 19:16:08 -0600
From: Kurt Seifried <kurt@>
To: muehlenhoff@univention.de, tbm@cyrius.com
Subject: Debian Bug report logs - #598590

The CVE in the report got typoed:

Debian Bug report logs - #598590
CVE-2010-3249: FLIC vulnerabiliry

Should be CVE-2010-3429 (4 and the 2 got swapped).


-- 
Kurt Seifried
kurt@

----- End forwarded message -----

-- 
Martin Michlmayr
http://www.cyrius.com/




Reply sent to Reinhard Tartler <siretart@tauware.de>:
You have taken responsibility. (Tue, 05 Oct 2010 13:21:05 GMT)


Notification sent to Moritz Muehlenhoff <muehlenhoff@univention.de>:
Bug acknowledged by developer. (Tue, 05 Oct 2010 13:21:05 GMT)


Message #24 received at 598590-close@bugs.debian.org:

From: Reinhard Tartler <siretart@tauware.de>
To: 598590-close@bugs.debian.org
Subject: Bug#598590: fixed in ffmpeg 4:0.5.2-6
Date: Tue, 05 Oct 2010 13:17:32 +0000
Source: ffmpeg
Source-Version: 4:0.5.2-6

We believe that the bug you reported is fixed in the latest version of
ffmpeg, which is due to be installed in the Debian FTP archive:

ffmpeg-dbg_0.5.2-6_i386.deb
  to main/f/ffmpeg/ffmpeg-dbg_0.5.2-6_i386.deb
ffmpeg-doc_0.5.2-6_all.deb
  to main/f/ffmpeg/ffmpeg-doc_0.5.2-6_all.deb
ffmpeg_0.5.2-6.diff.gz
  to main/f/ffmpeg/ffmpeg_0.5.2-6.diff.gz
ffmpeg_0.5.2-6.dsc
  to main/f/ffmpeg/ffmpeg_0.5.2-6.dsc
ffmpeg_0.5.2-6_i386.deb
  to main/f/ffmpeg/ffmpeg_0.5.2-6_i386.deb
libavcodec-dev_0.5.2-6_i386.deb
  to main/f/ffmpeg/libavcodec-dev_0.5.2-6_i386.deb
libavcodec52_0.5.2-6_i386.deb
  to main/f/ffmpeg/libavcodec52_0.5.2-6_i386.deb
libavdevice-dev_0.5.2-6_i386.deb
  to main/f/ffmpeg/libavdevice-dev_0.5.2-6_i386.deb
libavdevice52_0.5.2-6_i386.deb
  to main/f/ffmpeg/libavdevice52_0.5.2-6_i386.deb
libavfilter-dev_0.5.2-6_i386.deb
  to main/f/ffmpeg/libavfilter-dev_0.5.2-6_i386.deb
libavfilter0_0.5.2-6_i386.deb
  to main/f/ffmpeg/libavfilter0_0.5.2-6_i386.deb
libavformat-dev_0.5.2-6_i386.deb
  to main/f/ffmpeg/libavformat-dev_0.5.2-6_i386.deb
libavformat52_0.5.2-6_i386.deb
  to main/f/ffmpeg/libavformat52_0.5.2-6_i386.deb
libavutil-dev_0.5.2-6_i386.deb
  to main/f/ffmpeg/libavutil-dev_0.5.2-6_i386.deb
libavutil49_0.5.2-6_i386.deb
  to main/f/ffmpeg/libavutil49_0.5.2-6_i386.deb
libpostproc-dev_0.5.2-6_i386.deb
  to main/f/ffmpeg/libpostproc-dev_0.5.2-6_i386.deb
libpostproc51_0.5.2-6_i386.deb
  to main/f/ffmpeg/libpostproc51_0.5.2-6_i386.deb
libswscale-dev_0.5.2-6_i386.deb
  to main/f/ffmpeg/libswscale-dev_0.5.2-6_i386.deb
libswscale0_0.5.2-6_i386.deb
  to main/f/ffmpeg/libswscale0_0.5.2-6_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 598590@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Reinhard Tartler <siretart@tauware.de> (supplier of updated ffmpeg package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


Format: 1.8
Date: Sun, 03 Oct 2010 16:59:39 +0200
Source: ffmpeg
Binary: ffmpeg ffmpeg-dbg ffmpeg-doc libavutil49 libavcodec52 libavdevice52 libavformat52 libavfilter0 libpostproc51 libswscale0 libavutil-dev libavcodec-dev libavdevice-dev libavformat-dev libavfilter-dev libpostproc-dev libswscale-dev
Architecture: source i386 all
Version: 4:0.5.2-6
Distribution: unstable
Urgency: high
Maintainer: Debian multimedia packages maintainers <pkg-multimedia-maintainers@lists.alioth.debian.org>
Changed-By: Reinhard Tartler <siretart@tauware.de>
Description: 
 ffmpeg     - multimedia player, server and encoder
 ffmpeg-dbg - Debug symbols for ffmpeg related packages
 ffmpeg-doc - documentation of the ffmpeg API
 libavcodec-dev - development files for libavcodec
 libavcodec52 - ffmpeg codec library
 libavdevice-dev - development files for libavdevice
 libavdevice52 - ffmpeg device handling library
 libavfilter-dev - development files for libavfilter
 libavfilter0 - ffmpeg video filtering library
 libavformat-dev - development files for libavformat
 libavformat52 - ffmpeg file format library
 libavutil-dev - development files for libavutil
 libavutil49 - ffmpeg utility library
 libpostproc-dev - development files for libpostproc
 libpostproc51 - ffmpeg video postprocessing library
 libswscale-dev - development files for libswscale
 libswscale0 - ffmpeg video scaling library
Closes: 598590
Changes: 
 ffmpeg (4:0.5.2-6) unstable; urgency=high
 .
   * Fix several security issues in flicvideo.c.
     Fixes: CVE-2010-3429, Closes: #598590
   * Raising severity to high because of security issue.





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Fri, 05 Nov 2010 07:35:02 GMT)



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 18:39:06 2019; Machine Name: beach
