CVE-2011-3504

Related Vulnerabilities: CVE-2011-3504  

Debian Bug report logs - #643859
CVE-2011-3504

Reported by: Moritz Muehlenhoff <muehlenhoff@univention.de>

Date: Fri, 30 Sep 2011 14:03:01 UTC

Severity: important

Tags: security

Fixed in version libav/4:0.7.2-1

Done: Reinhard Tartler <siretart@tauware.de>

Bug is archived. No further changes may be made.


Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, Debian multimedia packages maintainers <pkg-multimedia-maintainers@lists.alioth.debian.org>:
Bug#643859; Package libav. (Fri, 30 Sep 2011 14:03:04 GMT).


Acknowledgement sent to Moritz Muehlenhoff <muehlenhoff@univention.de>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, Debian multimedia packages maintainers <pkg-multimedia-maintainers@lists.alioth.debian.org>. (Fri, 30 Sep 2011 14:03:04 GMT).


Message #5 received at submit@bugs.debian.org:

From: Moritz Muehlenhoff <muehlenhoff@univention.de>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: CVE-2011-3504
Date: Fri, 30 Sep 2011 15:58:37 +0200
Package: libav
Severity: important
Tags: security

Please see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3504

Discovered by Microsoft :-)

ffmpeg fix:
http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=7e33a66c0e178c3576c1ba1648be4295809adca8

Cheers,
        Moritz




Reply sent to Reinhard Tartler <siretart@tauware.de>:
You have taken responsibility. (Fri, 30 Sep 2011 21:24:03 GMT).


Notification sent to Moritz Muehlenhoff <muehlenhoff@univention.de>:
Bug acknowledged by developer. (Fri, 30 Sep 2011 21:24:03 GMT).


Message #10 received at 643859-close@bugs.debian.org:

From: Reinhard Tartler <siretart@tauware.de>
To: 643859-close@bugs.debian.org
Subject: Bug#643859: fixed in libav 4:0.7.2-1
Date: Fri, 30 Sep 2011 21:21:17 +0000
Source: libav
Source-Version: 4:0.7.2-1

We believe that the bug you reported is fixed in the latest version of
libav, which is due to be installed in the Debian FTP archive:

ffmpeg-dbg_0.7.2-1_i386.deb
  to main/liba/libav/ffmpeg-dbg_0.7.2-1_i386.deb
ffmpeg-doc_0.7.2-1_all.deb
  to main/liba/libav/ffmpeg-doc_0.7.2-1_all.deb
ffmpeg_0.7.2-1_i386.deb
  to main/liba/libav/ffmpeg_0.7.2-1_i386.deb
libav-dbg_0.7.2-1_i386.deb
  to main/liba/libav/libav-dbg_0.7.2-1_i386.deb
libav-doc_0.7.2-1_all.deb
  to main/liba/libav/libav-doc_0.7.2-1_all.deb
libav-source_0.7.2-1_all.deb
  to main/liba/libav/libav-source_0.7.2-1_all.deb
libav_0.7.2-1.debian.tar.gz
  to main/liba/libav/libav_0.7.2-1.debian.tar.gz
libav_0.7.2-1.dsc
  to main/liba/libav/libav_0.7.2-1.dsc
libav_0.7.2.orig.tar.gz
  to main/liba/libav/libav_0.7.2.orig.tar.gz
libavcodec-dev_0.7.2-1_i386.deb
  to main/liba/libav/libavcodec-dev_0.7.2-1_i386.deb
libavcodec53_0.7.2-1_i386.deb
  to main/liba/libav/libavcodec53_0.7.2-1_i386.deb
libavdevice-dev_0.7.2-1_i386.deb
  to main/liba/libav/libavdevice-dev_0.7.2-1_i386.deb
libavdevice53_0.7.2-1_i386.deb
  to main/liba/libav/libavdevice53_0.7.2-1_i386.deb
libavfilter-dev_0.7.2-1_i386.deb
  to main/liba/libav/libavfilter-dev_0.7.2-1_i386.deb
libavfilter2_0.7.2-1_i386.deb
  to main/liba/libav/libavfilter2_0.7.2-1_i386.deb
libavformat-dev_0.7.2-1_i386.deb
  to main/liba/libav/libavformat-dev_0.7.2-1_i386.deb
libavformat53_0.7.2-1_i386.deb
  to main/liba/libav/libavformat53_0.7.2-1_i386.deb
libavutil-dev_0.7.2-1_i386.deb
  to main/liba/libav/libavutil-dev_0.7.2-1_i386.deb
libavutil51_0.7.2-1_i386.deb
  to main/liba/libav/libavutil51_0.7.2-1_i386.deb
libpostproc-dev_0.7.2-1_i386.deb
  to main/liba/libav/libpostproc-dev_0.7.2-1_i386.deb
libpostproc52_0.7.2-1_i386.deb
  to main/liba/libav/libpostproc52_0.7.2-1_i386.deb
libswscale-dev_0.7.2-1_i386.deb
  to main/liba/libav/libswscale-dev_0.7.2-1_i386.deb
libswscale2_0.7.2-1_i386.deb
  to main/liba/libav/libswscale2_0.7.2-1_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 643859@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Reinhard Tartler <siretart@tauware.de> (supplier of updated libav package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


Format: 1.8
Date: Fri, 30 Sep 2011 21:01:25 +0200
Source: libav
Binary: ffmpeg ffmpeg-dbg libav-dbg libav-source ffmpeg-doc libav-doc libavutil51 libavcodec53 libavdevice53 libavformat53 libavfilter2 libpostproc52 libswscale2 libavutil-dev libavcodec-dev libavdevice-dev libavformat-dev libavfilter-dev libpostproc-dev libswscale-dev
Architecture: source i386 all
Version: 4:0.7.2-1
Distribution: unstable
Urgency: low
Maintainer: Debian multimedia packages maintainers <pkg-multimedia-maintainers@lists.alioth.debian.org>
Changed-By: Reinhard Tartler <siretart@tauware.de>
Description: 
 ffmpeg     - Multimedia player, server, encoder and transcoder
 ffmpeg-dbg - Debug symbols for Libav related packages
 ffmpeg-doc - Documentation of the Libav API (transitional package)
 libav-dbg  - Debug symbols for Libav related packages
 libav-doc  - Documentation of the Libav API
 libav-source - Patched Libav sources
 libavcodec-dev - Development files for libavcodec
 libavcodec53 - Libav codec library
 libavdevice-dev - Development files for libavdevice
 libavdevice53 - Libav device handling library
 libavfilter-dev - Development files for libavfilter
 libavfilter2 - Libav video filtering library
 libavformat-dev - Development files for libavformat
 libavformat53 - Libav file format library
 libavutil-dev - Development files for libavutil
 libavutil51 - Libav utility library
 libpostproc-dev - Development files for libpostproc
 libpostproc52 - Libav video postprocessing library
 libswscale-dev - Development files for libswscale
 libswscale2 - Libav video scaling library
Closes: 643859
Changes: 
 libav (4:0.7.2-1) unstable; urgency=low
 .
   * New upstream release: 0.7.2
     - Security focused release
     - Includes Matroska reallocation checks, Closes: #643859
   * Drop all post 0.7.1 patches, included upstream.

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Thu, 03 Nov 2011 07:37:16 GMT).



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 13:14:18 2019; Machine Name: buxtehude
