Bug#864517: CVE-2017-9465

[Moritz Muehlenhoff]

Source: yara
Severity: important
Tags: security

Please see:
https://github.com/VirusTotal/yara/issues/678
https://github.com/VirusTotal/yara/commit/992480c30f75943e9cd6245bb2015c7737f9b661

Cheers,
Moritz

___
forensics-devel mailing list
forensics-devel@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/forensics-devel

Bug#864518: CVE-2017-9438

[Moritz Muehlenhoff]

Source: yara
Severity: important
Tags: security

Please see:
https://github.com/VirusTotal/yara/issues/674
Fixed by: 
https://github.com/VirusTotal/yara/commit/10e8bd3071677dd1fa76beeef4bc2fc427cea5e7

Cheers,
Moritz

___
forensics-devel mailing list
forensics-devel@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/forensics-devel

Bug#863842: CVE-2017-9304

[Moritz Muehlenhoff]

Source: yara
Severity: important
Tags: security

Please see
https://github.com/VirusTotal/yara/issues/674
https://github.com/VirusTotal/yara/commit/925bcf3c3b0a28b5b78e25d9efda5c0bf27ae699

Cheers,
Moritz

___
forensics-devel mailing list
forensics-devel@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/forensics-devel

Bug#859821: CVE-2017-5923 CVE-2017-5924 CVE-2016-10210 CVE-2016-10211

[Moritz Muehlenhoff]

Source: yara
Severity: important
Tags: security

Hi,
please see
https://security-tracker.debian.org/tracker/CVE-2017-5924
https://security-tracker.debian.org/tracker/CVE-2017-5923
https://security-tracker.debian.org/tracker/CVE-2016-10210
https://security-tracker.debian.org/tracker/CVE-2016-10211

Cheers,
Moritz

___
forensics-devel mailing list
forensics-devel@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/forensics-devel

Bug#751916: Should libphash be removed?

[Moritz Muehlenhoff]

On Wed, Jun 18, 2014 at 04:19:44PM +0200, Holger Levsen wrote:
 Hi,
 
 do you propose removal from stable too or just from sid/testing?

Just from sid.

Cheers,
Moritz

___
forensics-devel mailing list
forensics-devel@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/forensics-devel

Bug#751916: Should libphash be removed?

[Moritz Muehlenhoff]

Source: libphash
Severity: serious

- The last maintainer upload was four years ago and since then it
  required five NMUs to keep up with various RC bugs with a new one 
  still open for GCC 4.9
- The version in the archive is outdated compared to current upstream
- Popcon is marginal

Unless someone objects, I'll reassign this bug to ftp.debian.org for
removal soon.

Cheers,
Moritz

___
forensics-devel mailing list
forensics-devel@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/forensics-devel

Bug#695097: sleuthkit: Fails to spot files named with a single dot on FAT filesystems

[Moritz Muehlenhoff]

Package: sleuthkit
Severity: normal

I don't consider this a vulnerability, but it was assigned a CVE and should
be fixed up nonetheless: http://seclists.org/oss-sec/2012/q4/384

Cheers,
Moritz

___
forensics-devel mailing list
forensics-devel@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/forensics-devel

Bug#638243: Needs to be adapted to libav/0.7.1

[Moritz Muehlenhoff]

tags 638243 patch
thanks

On Wed, Aug 17, 2011 at 04:28:14PM -0700, Evan Klinger wrote:
 FFmpeg has deprecated the CODEC_TYPE_VIDEO constant. It should be
 renamed to AVMEDIA_TYPE_VIDEO.
 This will be corrected in a future version of pHash.

Note, that this has already been patched in Ubuntu, which have already
moved on to libav 0.7. Their patch can be found here, maybe it eases
your work:
http://patches.ubuntu.com/libp/libphash/libphash_0.9.4-1.1ubuntu1.patch

Cheers,
Moritz



___
forensics-devel mailing list
forensics-devel@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/forensics-devel

Bug#638243: Needs to be adapted to libav/0.7.1

[Moritz Muehlenhoff]

Package: libphash
Severity: important

Hi,
the transition from ffmpeg/0.6.2 to libav/0.7 is planned soonish.
(libav is a ffmpeg fork, to which Debian will switch, see
http://en.wikipedia.org/wiki/FFmpeg for more information)

Your package currently fails to build from source when built against
libav/0.7.2 and needs to be adapted. You can test this yourself by
building against the packages from experimental:

cimgffmpeg.cpp:57:82: warning: 'int av_open_input_file(AVFormatContext**, const 
char*, AVInputFormat*, int, AVFormatParameters*)' is deprecated (declared at 
/usr/include/./libavformat/avformat.h:1050) [-Wdeprecated-declarations]
cimgffmpeg.cpp:70:58: error: 'CODEC_TYPE_VIDEO' was not declared in this scope
cimgffmpeg.cpp:134:96: error: 'avcodec_decode_video' was not declared in this 
scope
cimgffmpeg.cpp: In function 'int NextFrames(VFInfo*, 
cimg_library::CImgListunsigned char*)':
cimgffmpeg.cpp:202:7: warning: 'int av_open_input_file(AVFormatContext**, const 
char*, AVInputFormat*, int, AVFormatParameters*)' is deprecated (declared at 
/usr/include/./libavformat/avformat.h:1050) [-Wdeprecated-declarations]
cimgffmpeg.cpp:202:78: warning: 'int av_open_input_file(AVFormatContext**, 
const char*, AVInputFormat*, int, AVFormatParameters*)' is deprecated (declared 
at /usr/include/./libavformat/avformat.h:1050) [-Wdeprecated-declarations]
cimgffmpeg.cpp:216:59: error: 'CODEC_TYPE_VIDEO' was not declared in this scope
cimgffmpeg.cpp:283:51: error: 'avcodec_decode_video' was not declared in this 
scope
cimgffmpeg.cpp: In function 'int GetNumberStreams(const char*)':
cimgffmpeg.cpp:339:6: warning: 'int av_open_input_file(AVFormatContext**, const 
char*, AVInputFormat*, int, AVFormatParameters*)' is deprecated (declared at 
/usr/include/./libavformat/avformat.h:1050) [-Wdeprecated-declarations]
cimgffmpeg.cpp:339:57: warning: 'int av_open_input_file(AVFormatContext**, 
const char*, AVInputFormat*, int, AVFormatParameters*)' is deprecated (declared 
at /usr/include/./libavformat/avformat.h:1050) [-Wdeprecated-declarations]
cimgffmpeg.cpp: In function 'long int GetNumberVideoFrames(const char*)':
cimgffmpeg.cpp:357:6: warning: 'int av_open_input_file(AVFormatContext**, const 
char*, AVInputFormat*, int, AVFormatParameters*)' is deprecated (declared at 
/usr/include/./libavformat/avformat.h:1050) [-Wdeprecated-declarations]
cimgffmpeg.cpp:357:57: warning: 'int av_open_input_file(AVFormatContext**, 
const char*, AVInputFormat*, int, AVFormatParameters*)' is deprecated (declared 
at /usr/include/./libavformat/avformat.h:1050) [-Wdeprecated-declarations]
cimgffmpeg.cpp:368:53: error: 'CODEC_TYPE_VIDEO' was not declared in this scope
cimgffmpeg.cpp: In function 'float fps(const char*)':
cimgffmpeg.cpp:399:6: warning: 'int av_open_input_file(AVFormatContext**, const 
char*, AVInputFormat*, int, AVFormatParameters*)' is deprecated (declared at 
/usr/include/./libavformat/avformat.h:1050) [-Wdeprecated-declarations]
cimgffmpeg.cpp:399:61: warning: 'int av_open_input_file(AVFormatContext**, 
const char*, AVInputFormat*, int, AVFormatParameters*)' is deprecated (declared 
at /usr/include/./libavformat/avformat.h:1050) [-Wdeprecated-declarations]
cimgffmpeg.cpp:410:54: error: 'CODEC_TYPE_VIDEO' was not declared in this scope
make[3]: *** [cimgffmpeg.lo] Fehler 1
make[3]: Leaving directory `/home/jmm/deb/libav/libphash-0.9.4/src'
make[2]: *** [all-recursive] Fehler 1
make[2]: Leaving directory `/home/jmm/deb/libav/libphash-0.9.4'
make[1]: *** [all] Fehler 2
make[1]: Leaving directory `/home/jmm/deb/libav/libphash-0.9.4'
dh_auto_build: make -j1 returned exit code 2
make: *** [build] Fehler 2
dpkg-buildpackage: Fehler: Fehler-Exitstatus von debian/rules build war 2

Cheers,
Moritz

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.0.0-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash



___
forensics-devel mailing list
forensics-devel@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/forensics-devel