Package: libavcodec53
Version: 6:0.8.7-1
Severity: grave
Tags: security
Justification: user security hole

Dear Maintainer,

I have here another series of CVEs for libav. Some of these are fixed, some of these I was not able to check. Those without comment were checked by me and seem valid - at least to me.

CVE-2013-0845
CVE-2013-0846
CVE-2013-0847 - vim '+/while (avio_tell(s->pb) < end' libavformat/id3v2.c
    above command brings you to the suspected problem position in libav, the problem looks solved to me
    This one is actually for libavformat, but I include it here for simplicity
CVE-2013-0848 - I was not able to find the problem in libav
CVE-2013-0849 - fixed in experimental
CVE-2013-0850 - seems fixed in experimental
CVE-2013-0851
CVE-2013-0852
CVE-2013-0853
CVE-2013-0854 - fixed in experimental
CVE-2013-0855 - looks invalid as the problem is checked in alac_set_info
CVE-2013-0856
CVE-2013-0857
CVE-2013-0858 - I was not able to find the problem in libav
CVE-2013-0860 - I was not able to find the problem in libav
CVE-2013-0861
CVE-2013-0865 - fixed in experimental
CVE-2013-0866 - looks fixed. am I correct?
CVE-2013-0867 - I was not able to find the problem in libav
CVE-2013-0868
CVE-2013-0869 - looks fixed. am I correct?
CVE-2013-0870 - seems to be invalid - relevant code fragment is not present in libav
CVE-2013-0873 - looks fixed. am I correct?
CVE-2013-0874 - seems to be invalid - relevant code fragment is not present in libav
CVE-2013-3670 looks valid - libav commits given in security tracker fix different things AFAICS
CVE-2013-3672
CVE-2013-3674

I hope these cases are a bit more well-defined than those I sent in January.

cu soon, hopefully,
AW

-- System Information:
Debian Release: jessie/sid
  APT prefers testing
  APT policy: (500, 'testing'), (500, 'stable'), (50, 'unstable'), (40, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.9.8 (SMP w/2 CPU cores; PREEMPT)
Locale: LANG=C, LC_CTYPE=de_DE (charmap=ISO-8859-1)
Shell: /bin/sh linked to /bin/dash

Versions of packages libavcodec53 depends on:
ii  libavutil51             6:0.8.7-1
ii  libc6                   2.17-7
ii  libdirac-encoder0       1.0.2-6
ii  libgsm1                 1.0.13-4
ii  libmp3lame0             3.99.5+repack1-3
ii  libopenjpeg2            1.3+dfsg-4.6
ii  libschroedinger-1.0-0   1.0.11-2
ii  libspeex1               1.2~rc1-7
ii  libtheora0              1.1.1+dfsg.1-3.1
ii  libva1                  1.1.1-3
ii  libvorbis0a             1.3.2-1.3
ii  libvorbisenc2           1.3.2-1.3
ii  libvpx1                 1.2.0-2
ii  libx264-123             2:0.123.2189+git35cf912-1
ii  libxvidcore4            2:1.3.2-9
ii  multiarch-support       2.17-7
ii  zlib1g                  1:1.2.8.dfsg-1

libavcodec53 recommends no packages.

libavcodec53 suggests no packages.

-- no debconf information