Your message dated Wed, 8 Apr 2009 11:39:53 -0400
with message-id <[email protected]>
and subject line closing
has caused the Debian Bug report #498766,
regarding ffmpeg-debian: vulnerable to denial-of-service attack (CVE-2008-3230)
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
498766: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=498766
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: ffmpeg-debian
Version: 0.svn20080206-12
Severity: grave
Tags: security
Justification: user security hole
according to the debian security tracker [1], ffmpeg is known to be
vulnerable to a denial-of-service attack [2]. the description of the
CVE is
The ffmpeg lavf demuxer allows user-assisted attackers to cause a denial
of service (application crash) via a crafted GIF file, possibly related
to gstreamer, as demonstrated by lol-giftopnm.gif.
i'm reporting this here to make you aware of the issue, and so the issue
can be tracked as release-critical for etch. this affects stable, testing,
and unstable.
thanks for the hard work.
[1] http://security-tracker.debian.net/tracker/CVE-2008-3230
[2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3230
-- System Information:
Debian Release: lenny/sid
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.6.24-etchnhalf.1-686 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
--- End Message ---
--- Begin Message ---
the ffmpeg source package has been removed from the archive, and these
issues are currently fixed in ffmpeg-debian, so there is no reason to
continue to track this issue (see http://bugs.debian.org/498764).
--- End Message ---