begin quotation from Reinhard Tartler (in <caj0ccebl3xsmm+swok3ocfxsore9nq-yyy7r8_4zyazjt5m...@mail.gmail.com>): > Thanks for caring about security in libav. Sorry for the delay. I > tried hard to gather additional information about these issues, but > was not successful.
Yeah, the information politics of the reporters could be more open. > On Mon, Nov 26, 2012 at 8:30 PM, Arne Wichmann <a...@linux.de> wrote: > > > I have here another series of CVEs for ffmpeg/libav: > > > > CVE-2012-2882 > > Libav's ogg decoder is a bit different to the one in FFmpeg. Can you > please provide a testfile so that we can test if this issue affects > Libav at all? I dug around for a bit and found commit 9e1c55cfdec1e1e46fa39b92ea5c425ba9499c68 for ffmpeg, which seems to address the issue. More effort will follow when I find the reserves for that. > > CVE-2012-5359 > > CVE-2012-5360 > > CVE-2012-5361 > > > > For the last 3 http://technet.microsoft.com/en-us/security/msvr/msvr12-017 > > claims that they are fixed in ffmpeg 0.11, but the available information on > > all of them is a bit thin. > > Sorry, without proper information what's going on here, there is > nothing that we can do about this. Again, please provide a sample that > demonstrates the issue. *nod* Same here. cu AW -- [...] If you don't want to be restricted, don't agree to it. If you are coerced, comply as much as you must to protect yourself, just don't support it. Noone can free you but yourself. (crag, on Debian Planet) Arne Wichmann (a...@linux.de)
signature.asc
Description: Digital signature
