Your message dated Sat, 02 May 2009 10:27:00 +0200
with message-id <[email protected]>
and subject line Re: ffmpeg-debian: CVE-2009-0385 integer signedness error
has caused the Debian Bug report #524799,
regarding ffmpeg-debian: CVE-2009-0385 integer signedness error
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
524799: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=524799
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
package: ffmpeg-debian
severity: important
tags: security
Hi,
The following CVE (Common Vulnerabilities & Exposures) id was
published for ffmpeg-debian.
CVE-2009-0385[0]:
| Integer signedness error in the fourxm_read_header function in
| libavformat/4xm.c in FFmpeg before revision 16846 allows remote
| attackers to execute arbitrary code via a malformed 4X movie file with
| a large current_track value, which triggers a NULL pointer
| dereference.
See fedora security announcement for more details [1].
Please coordinate with the security team to prepare updated packages
for the stable releases.
If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0385
http://security-tracker.debian.net/tracker/CVE-2009-0385
[1] http://lwn.net/Articles/328039/
--- End Message ---
--- Begin Message ---
found 524799 0.cvs20060823-1
found 524799 0.svn20080206-1
fixed 524799 0.cvs20060823-8+etch1
fixed 524799 0.svn20080206-17+lenny1
fixed 524799 3:0.svn20090303-1
stop
"Michael S. Gilbert" <[email protected]> writes:
> The following CVE (Common Vulnerabilities & Exposures) id was
> published for ffmpeg-debian.
>
> CVE-2009-0385[0]:
> | Integer signedness error in the fourxm_read_header function in
> | libavformat/4xm.c in FFmpeg before revision 16846 allows remote
> | attackers to execute arbitrary code via a malformed 4X movie file with
> | a large current_track value, which triggers a NULL pointer
> | dereference.
>
> See fedora security announcement for more details [1].
>
> Please coordinate with the security team to prepare updated packages
> for the stable releases.
Thanks for your report. I'm closing this bug with this email with
hopefully the correct version information.
--
Gruesse/greetings,
Reinhard Tartler, KeyID 945348A4
--- End Message ---
