Debian Bug report logs - #773626
libav: multiple security issues
Reported by: Michael Gilbert <mgilbert@debian.org>
Date: Sun, 21 Dec 2014 04:33:01 UTC
Severity: serious
Tags: fixed-upstream, security
Found in version libav/6:0.8.5-1
Fixed in versions libav/6:11.2-1, 6:0.8.17-1
Done: Sebastian Ramacher <sramacher@debian.org>
Bug is archived. No further changes may be made.
Report forwarded to debian-bugs-dist@lists.debian.org, Debian Multimedia Maintainers <pkg-multimedia-maintainers@lists.alioth.debian.org>: Bug#773626; Package src:libav. (Sun, 21 Dec 2014 04:33:06 GMT)
Acknowledgement sent to Michael Gilbert <mgilbert@debian.org>: New Bug report received and forwarded. Copy sent to Debian Multimedia Maintainers <pkg-multimedia-maintainers@lists.alioth.debian.org>. (Sun, 21 Dec 2014 04:33:06 GMT)
Message #5 received at submit@bugs.debian.org:
package: src:libav
version: 6:0.8.16-1
severity: serious
tags: security
Hi,
the following vulnerabilities were published for libav.
CVE-2014-8541[0]:
| libavcodec/mjpegdec.c in FFmpeg before 2.4.2 considers only dimension
| differences, and not bits-per-pixel differences, when determining
| whether an image size has changed, which allows remote attackers to
| cause a denial of service (out-of-bounds access) or possibly have
| unspecified other impact via crafted MJPEG data.
CVE-2014-8542[1]:
| libavcodec/utils.c in FFmpeg before 2.4.2 omits a certain codec ID
| during enforcement of alignment, which allows remote attackers to
| cause a denial of service (out-of-bounds access) or possibly have
| unspecified other impact via crafted JV data.
CVE-2014-8543[2]:
| libavcodec/mmvideo.c in FFmpeg before 2.4.2 does not consider all
| lines of HHV Intra blocks during validation of image height, which
| allows remote attackers to cause a denial of service (out-of-bounds
| access) or possibly have unspecified other impact via crafted MM video
| data.
CVE-2014-8543[3]:
| libavcodec/mmvideo.c in FFmpeg before 2.4.2 does not consider all
| lines of HHV Intra blocks during validation of image height, which
| allows remote attackers to cause a denial of service (out-of-bounds
| access) or possibly have unspecified other impact via crafted MM video
| data.
CVE-2014-8544[4]:
| libavcodec/tiff.c in FFmpeg before 2.4.2 does not properly validate
| bits-per-pixel fields, which allows remote attackers to cause a denial
| of service (out-of-bounds access) or possibly have unspecified other
| impact via crafted TIFF data.
CVE-2014-8545[5]:
| libavcodec/pngdec.c in FFmpeg before 2.4.2 accepts the
| monochrome-black format without verifying that the bits-per-pixel
| value is 1, which allows remote attackers to cause a denial of service
| (out-of-bounds access) or possibly have unspecified other impact via
| crafted PNG data.
CVE-2014-8546[6]:
| Integer underflow in libavcodec/cinepak.c in FFmpeg before 2.4.2
| allows remote attackers to cause a denial of service (out-of-bounds
| access) or possibly have unspecified other impact via crafted Cinepak
| video data.
CVE-2014-8547[7]:
| libavcodec/gifdec.c in FFmpeg before 2.4.2 does not properly compute
| image heights, which allows remote attackers to cause a denial of
| service (out-of-bounds access) or possibly have unspecified other
| impact via crafted GIF data.
CVE-2014-8548[8]:
| Off-by-one error in libavcodec/smc.c in FFmpeg before 2.4.2 allows
| remote attackers to cause a denial of service (out-of-bounds access)
| or possibly have unspecified other impact via crafted Quicktime
| Graphics (aka SMC) video data.
CVE-2014-8549[9]:
| libavcodec/on2avc.c in FFmpeg before 2.4.2 does not constrain the
| number of channels to at most 2, which allows remote attackers to
| cause a denial of service (out-of-bounds access) or possibly have
| unspecified other impact via crafted On2 data.
CVE-2014-9316[10]:
| The mjpeg_decode_app function in libavcodec/mjpegdec.c in FFMpeg
| before 2.1.6, 2.2.x through 2.3.x, and 2.4.x before 2.4.4 allows
| remote attackers to cause a denial of service (out-of-bounds heap
| access) and possibly have other unspecified impact via vectors related
| to LJIF tags in an MJPEG file.
CVE-2014-9318[11]:
| The raw_decode function in libavcodec/rawdec.c in FFMpeg before 2.1.6,
| 2.2.x through 2.3.x, and 2.4.x before 2.4.4 allows remote attackers to
| cause a denial of service (out-of-bounds heap access) and possibly
| have other unspecified impact via a crafted .cine file that triggers
| the avpicture_get_size function to return a negative frame size.
CVE-2014-9319[12]:
| The ff_hevc_decode_nal_sps function in libavcodec/hevc_ps.c in FFMpeg
| before 2.1.6, 2.2.x through 2.3.x, and 2.4.x before 2.4.4 allows
| remote attackers to cause a denial of service (out-of-bounds access)
| via a crafted .bit file.
If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2014-8541
[1] https://security-tracker.debian.org/tracker/CVE-2014-8542
[2] https://security-tracker.debian.org/tracker/CVE-2014-8543
[3] https://security-tracker.debian.org/tracker/CVE-2014-8543
[4] https://security-tracker.debian.org/tracker/CVE-2014-8544
[5] https://security-tracker.debian.org/tracker/CVE-2014-8545
[6] https://security-tracker.debian.org/tracker/CVE-2014-8546
[7] https://security-tracker.debian.org/tracker/CVE-2014-8547
[8] https://security-tracker.debian.org/tracker/CVE-2014-8548
[9] https://security-tracker.debian.org/tracker/CVE-2014-8549
[10] https://security-tracker.debian.org/tracker/CVE-2014-9316
[11] https://security-tracker.debian.org/tracker/CVE-2014-9318
[12] https://security-tracker.debian.org/tracker/CVE-2014-9319
Please adjust the affected versions in the BTS as needed.
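A simplified model of the check described for CVE-2014-8541 in the report above, where a decoder reallocates its frame buffer only when a "size changed" test fires. This is an added example, not code from libav, FFmpeg or this bug report; the names (`frame_ctx`, `plane_size`, `apply_header`, `replay`) and the 64x64 sample headers are constructed assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical, simplified decoder state (not libav's structures). */
struct frame_ctx {
    int width, height, bits;         /* parameters from the last header */
    uint8_t *buf; size_t buf_size;   /* frame buffer and its allocated size */
};

typedef int (*changed_fn)(const struct frame_ctx *, int w, int h, int bits);

/* Bytes needed for one plane; 0 means the header is invalid. */
static size_t plane_size(int w, int h, int bits)
{
    if (w <= 0 || h <= 0 || bits < 1 || bits > 16)
        return 0;
    size_t row = (size_t)w * (size_t)((bits + 7) / 8);
    if ((size_t)h > SIZE_MAX / row)  /* reject multiplication overflow */
        return 0;
    return row * (size_t)h;
}

/* "Before": only the dimensions decide whether to reallocate. */
static int changed_dims_only(const struct frame_ctx *c, int w, int h, int bits)
{
    (void)bits;
    return c->width != w || c->height != h;
}

/* "After": every field that feeds plane_size() is compared. */
static int changed_full(const struct frame_ctx *c, int w, int h, int bits)
{
    return c->width != w || c->height != h || c->bits != bits;
}

/* Returns 0 if the buffer fits the new header, 1 if a stale buffer would be
 * too small for it (the out-of-bounds condition), -1 on error. */
static int apply_header(struct frame_ctx *c, int w, int h, int bits,
                        changed_fn changed)
{
    size_t need = plane_size(w, h, bits);
    if (need == 0)
        return -1;
    if (c->buf == NULL || changed(c, w, h, bits)) {
        uint8_t *nb = realloc(c->buf, need);
        if (nb == NULL)
            return -1;
        c->buf = nb; c->buf_size = need;
    }
    c->width = w; c->height = h; c->bits = bits;
    return need > c->buf_size;
}

/* Constructed stream: a 64x64 8-bit header, then 64x64 at 12 bits. */
static int replay(changed_fn changed)
{
    struct frame_ctx c = {0};
    apply_header(&c, 64, 64, 8, changed);
    int rc = apply_header(&c, 64, 64, 12, changed);
    free(c.buf);
    return rc;
}

int main(void)
{
    printf("dims-only=%d full=%d\n", replay(changed_dims_only), replay(changed_full));
    return 0;
}
```

With the dimensions-only predicate the second header leaves a 4096-byte buffer in place for a frame that needs 8192 bytes; comparing the bit depth as well forces the reallocation.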
No longer marked as found in versions libav/6:0.8.16-1. Request was from Michael Gilbert <mgilbert@debian.org> to control@bugs.debian.org. (Sun, 21 Dec 2014 17:54:14 GMT)
Marked as found in versions libav/6:0.8.8-1. Request was from Michael Gilbert <mgilbert@debian.org> to control@bugs.debian.org. (Sun, 21 Dec 2014 18:00:08 GMT)
Marked as found in versions libav/6:0.8.5-1. Request was from Michael Gilbert <mgilbert@debian.org> to control@bugs.debian.org. (Sun, 21 Dec 2014 18:09:14 GMT)
No longer marked as found in versions libav/6:0.8.8-1. Request was from Michael Gilbert <mgilbert@debian.org> to control@bugs.debian.org. (Sun, 21 Dec 2014 18:09:15 GMT)
Information forwarded to debian-bugs-dist@lists.debian.org, Debian Multimedia Maintainers <pkg-multimedia-maintainers@lists.alioth.debian.org>: Bug#773626; Package src:libav. (Sat, 17 Jan 2015 12:30:05 GMT)
Acknowledgement sent to Neil Williams <codehelp@debian.org>: Extra info received and forwarded to list. Copy sent to Debian Multimedia Maintainers <pkg-multimedia-maintainers@lists.alioth.debian.org>. (Sat, 17 Jan 2015 12:30:05 GMT)
Message #18 received at 773626@bugs.debian.org:
Just to update the bug for others scanning the RC bug list...
https://security-tracker.debian.org/tracker/CVE-2014-8545
- libav <not-affected> (Vulnerable code not present)
CVE-2014-8545[5]:
| libavcodec/pngdec.c in FFmpeg before 2.4.2 accepts the
| monochrome-black format without verifying that the bits-per-pixel
| value is 1, which allows remote attackers to cause a denial of service
| (out-of-bounds access) or possibly have unspecified other impact via
| crafted PNG data.
So this one can be discounted from the list.
Other patches exist as upstream commits linked from the security
tracker:
CVE-2014-8541, CVE-2014-8542, CVE-2014-8543, CVE-2014-8547,
CVE-2014-8548, CVE-2014-8549
https://git.libav.org/?p=libav.git;a=patch;h=809c3023b699c54c90511913d3b6140dd2436550
https://git.libav.org/?p=libav.git;a=patch;h=88626e5af8d006e67189bf10b96b982502a7e8ad
https://git.libav.org/?p=libav.git;a=patch;h=17ba719d9ba30c970f65747f42d5fbb1e447ca28
https://git.libav.org/?p=libav.git;a=patch;h=0b39ac6f54505a538c21fe49a626de94c518c903
https://git.libav.org/?p=libav.git;a=patch;h=d423dd72be451462c6fb1cbbe313bed0194001ab
https://git.libav.org/?p=libav.git;a=patch;h=cee4490b521fd0d02476d46aa2598af24fb8d686
Five CVEs therefore remain without upstream patches in libav:
https://security-tracker.debian.org/tracker/CVE-2014-8544
https://security-tracker.debian.org/tracker/CVE-2014-8546
https://security-tracker.debian.org/tracker/CVE-2014-9316
https://security-tracker.debian.org/tracker/CVE-2014-9318
https://security-tracker.debian.org/tracker/CVE-2014-9319
Each of these has fixes upstream in ffmpeg but it'll need someone with
more familiarity with the mpeg source code than me to investigate
whether the fixes in ffmpeg can become fixes in libav.
--
Neil Williams
=============
http://www.linux.codehelp.co.uk/
Information forwarded to debian-bugs-dist@lists.debian.org, Debian Multimedia Maintainers <pkg-multimedia-maintainers@lists.alioth.debian.org>: Bug#773626; Package src:libav. (Sat, 17 Jan 2015 12:45:04 GMT)
Acknowledgement sent to Sebastian Ramacher <sramacher@debian.org>: Extra info received and forwarded to list. Copy sent to Debian Multimedia Maintainers <pkg-multimedia-maintainers@lists.alioth.debian.org>. (Sat, 17 Jan 2015 12:45:04 GMT)
Message #23 received at 773626@bugs.debian.org:
On 2015-01-17 12:27:20, Neil Williams wrote:
> Just to update the bug for others scanning the RC bug list...
>
> https://security-tracker.debian.org/tracker/CVE-2014-8545
> - libav <not-affected> (Vulnerable code not present)
> CVE-2014-8545[5]:
> | libavcodec/pngdec.c in FFmpeg before 2.4.2 accepts the
> | monochrome-black format without verifying that the bits-per-pixel
> | value is 1, which allows remote attackers to cause a denial of service
> | (out-of-bounds access) or possibly have unspecified other impact via
> | crafted PNG data.
>
> So this one can be discounted from the list.
>
> Other patches exist as upstream commits linked from the security
> tracker:
>
> CVE-2014-8541, CVE-2014-8542, CVE-2014-8543, CVE-2014-8547,
> CVE-2014-8548, CVE-2014-8549
>
> https://git.libav.org/?p=libav.git;a=patch;h=809c3023b699c54c90511913d3b6140dd2436550
> https://git.libav.org/?p=libav.git;a=patch;h=88626e5af8d006e67189bf10b96b982502a7e8ad
> https://git.libav.org/?p=libav.git;a=patch;h=17ba719d9ba30c970f65747f42d5fbb1e447ca28
> https://git.libav.org/?p=libav.git;a=patch;h=0b39ac6f54505a538c21fe49a626de94c518c903
> https://git.libav.org/?p=libav.git;a=patch;h=d423dd72be451462c6fb1cbbe313bed0194001ab
> https://git.libav.org/?p=libav.git;a=patch;h=cee4490b521fd0d02476d46aa2598af24fb8d686
>
> Five CVEs therefore remain without upstream patches in libav:
>
> https://security-tracker.debian.org/tracker/CVE-2014-8544
> https://security-tracker.debian.org/tracker/CVE-2014-8546
> https://security-tracker.debian.org/tracker/CVE-2014-9316
> https://security-tracker.debian.org/tracker/CVE-2014-9318
> https://security-tracker.debian.org/tracker/CVE-2014-9319
>
> Each of these has fixes upstream in ffmpeg but it'll need someone with
> more familiarity with the mpeg source code than me to investigate
> whether the fixes in ffmpeg can become fixes in libav.
Thanks for taking the time for investigating the issue. We are currently
waiting for 11.2 tarballs to appear. They have been tagged already and
tarball just needs to be released.
Cheers
--
Sebastian Ramacher
Information forwarded to debian-bugs-dist@lists.debian.org, Debian Multimedia Maintainers <pkg-multimedia-maintainers@lists.alioth.debian.org>: Bug#773626; Package src:libav. (Sat, 17 Jan 2015 19:57:04 GMT)
Acknowledgement sent to Sebastian Ramacher <sramacher@debian.org>: Extra info received and forwarded to list. Copy sent to Debian Multimedia Maintainers <pkg-multimedia-maintainers@lists.alioth.debian.org>. (Sat, 17 Jan 2015 19:57:05 GMT)
Message #28 received at 773626@bugs.debian.org:
Control: clone -1 -2
Control: retitle -2 libav: CVE-2014-{8544,8546,9316,9318,9319}
Control: tags -1 + fixed-upstream pending
On 2014-12-20 23:31:11, Michael Gilbert wrote:
> CVE-2014-8544[4]:
> | libavcodec/tiff.c in FFmpeg before 2.4.2 does not properly validate
> | bits-per-pixel fields, which allows remote attackers to cause a denial
> | of service (out-of-bounds access) or possibly have unspecified other
> | impact via crafted TIFF data.
> CVE-2014-8546[6]:
> | Integer underflow in libavcodec/cinepak.c in FFmpeg before 2.4.2
> | allows remote attackers to cause a denial of service (out-of-bounds
> | access) or possibly have unspecified other impact via crafted Cinepak
> | video data.
> CVE-2014-9316[10]:
> | The mjpeg_decode_app function in libavcodec/mjpegdec.c in FFMpeg
> | before 2.1.6, 2.2.x through 2.3.x, and 2.4.x before 2.4.4 allows
> | remote attackers to cause a denial of service (out-of-bounds heap
> | access) and possibly have other unspecified impact via vectors related
> | to LJIF tags in an MJPEG file.
> CVE-2014-9318[11]:
> | The raw_decode function in libavcodec/rawdec.c in FFMpeg before 2.1.6,
> | 2.2.x through 2.3.x, and 2.4.x before 2.4.4 allows remote attackers to
> | cause a denial of service (out-of-bounds heap access) and possibly
> | have other unspecified impact via a crafted .cine file that triggers
> | the avpicture_get_size function to return a negative frame size.
> CVE-2014-9319[12]:
> | The ff_hevc_decode_nal_sps function in libavcodec/hevc_ps.c in FFMpeg
> | before 2.1.6, 2.2.x through 2.3.x, and 2.4.x before 2.4.4 allows
> | remote attackers to cause a denial of service (out-of-bounds access)
> | via a crafted .bit file.
> [4] https://security-tracker.debian.org/tracker/CVE-2014-8544
> [6] https://security-tracker.debian.org/tracker/CVE-2014-8546
> [10] https://security-tracker.debian.org/tracker/CVE-2014-9316
> [11] https://security-tracker.debian.org/tracker/CVE-2014-9318
> [12] https://security-tracker.debian.org/tracker/CVE-2014-9319
I'm cloning this bug report to keep track of the unfixed CVEs.
Cheers
--
Sebastian Ramacher
Bug 773626 cloned as bug 775593. Request was from Sebastian Ramacher <sramacher@debian.org> to 773626-submit@bugs.debian.org. (Sat, 17 Jan 2015 19:57:05 GMT)
Added tag(s) pending and fixed-upstream. Request was from Sebastian Ramacher <sramacher@debian.org> to 773626-submit@bugs.debian.org. (Sat, 17 Jan 2015 19:57:06 GMT)
Reply sent to Sebastian Ramacher <sramacher@debian.org>: You have taken responsibility. (Sat, 17 Jan 2015 21:21:24 GMT)
Notification sent to Michael Gilbert <mgilbert@debian.org>: Bug acknowledged by developer. (Sat, 17 Jan 2015 21:21:24 GMT)
Message #37 received at 773626-close@bugs.debian.org:
Source: libav
Source-Version: 6:11.2-1
We believe that the bug you reported is fixed in the latest version of
libav, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 773626@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Sebastian Ramacher <sramacher@debian.org> (supplier of updated libav package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
Format: 1.8
Date: Sat, 17 Jan 2015 20:56:19 +0100
Source: libav
Binary: libav-tools libav-dbg libav-doc libavutil54 libavcodec56 libavdevice55 libavformat56 libavfilter5 libswscale3 libavutil-dev libavcodec-dev libavdevice-dev libavformat-dev libavfilter-dev libswscale-dev libavresample-dev libavresample2 libavcodec-extra-56 libavcodec-extra
Architecture: source all
Version: 6:11.2-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Multimedia Maintainers <pkg-multimedia-maintainers@lists.alioth.debian.org>
Changed-By: Sebastian Ramacher <sramacher@debian.org>
Description:
libav-dbg - Debug symbols for Libav related packages
libav-doc - Documentation of the Libav API
libav-tools - Multimedia player, encoder and transcoder
libavcodec-dev - Development files for libavcodec
libavcodec-extra - Libav codec library (additional codecs meta-package)
libavcodec-extra-56 - Libav codec library (additional codecs)
libavcodec56 - Libav codec library
libavdevice-dev - Development files for libavdevice
libavdevice55 - Libav device handling library
libavfilter-dev - Development files for libavfilter
libavfilter5 - Libav video filtering library
libavformat-dev - Development files for libavformat
libavformat56 - Libav file format library
libavresample-dev - Development files for libavresample
libavresample2 - Libav audio resampling library
libavutil-dev - Development files for libavutil
libavutil54 - Libav utility library
libswscale-dev - Development files for libswscale
libswscale3 - Libav video scaling library
Closes: 773055 773626
Changes:
libav (6:11.2-1) unstable; urgency=medium
.
* New upstream release fixing multiple security issues. (Closes: #773626)
- h464: restore a block mistakenly removed in e10fd08a
- on2avc: check number of channels (CVE-2014-8549)
- smc: fix the bounds check (CVE-2014-8548)
- gifdec: refactor interleave end handling (CVE-2014-8547)
- mmvideo: check frame dimensions (CVE-2014-8543)
- jvdec: check frame dimensions (CVE-2014-8542)
- mjpegdec: check for pixel format changes (CVE-2014-8541)
- mov: avoid a memleak when multiple stss boxes are present
- vc1: Do not assume seek happens after decoding
- avconv: Use the mpeg12 private option scan_offset (Closes: #773055)
- xsub: Support DXSA subtitles
- mp3dec: fix reading the Xing tag
- matroskaenc: write correct Display{Width, Height} in stereo encoding
- configure: Fix enabling memalign_hack automatically
- mp3enc: fix a triggerable assert
- latm: Do not give a score for a single instance
- mp3: Tweak the probe scores
- matroskaenc: write correct Display{Width, Height} in stereo encoding
- coverity: Fix most of the reported warnings and issues
* debian/control: Add myself to Uploaders.
Reply sent to Sebastian Ramacher <sramacher@debian.org>: You have taken responsibility. (Sun, 15 Mar 2015 20:15:17 GMT)
Notification sent to Michael Gilbert <mgilbert@debian.org>: Bug acknowledged by developer. (Sun, 15 Mar 2015 20:15:17 GMT)
Message #42 received at 773626-done@bugs.debian.org:
Version: 6:0.8.17-1
On 2014-12-20 23:31:11, Michael Gilbert wrote:
> package: src:libav
> version: 6:0.8.16-1
> severity: serious
> tags: security
>
> Hi,
>
> the following vulnerabilities were published for libav.
Forgot to close this bug in the changelog, doing so now.
Cheers
--
Sebastian Ramacher
Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 24 May 2015 07:40:42 GMT)
Last modified: Wed Jun 19 15:01:28 2019