Reinhard Tartler wrote:
> 
> >> CVE-2008-4869[0]:
> >> | FFmpeg 0.4.9, as used by MPlayer, allows context-dependent attackers
> >> | to cause a denial of service (memory consumption) via unknown vectors,
> >> | aka a "Tcp/udp memory leak."
> >
> > you asked me later to ignore this. ok.
> 
> I'm sorry but I misread you. Investigating the issue further, it seems
> to me that this issue is exactly the same as CVE-2008-4866. At least the
> references seem to point to the same svn commits.

The only references in here are the rather dubious Pardus advisory and a
request for more information from Mandriva; it misses a concrete reference
to the actual "Tcp/udp memory leak." Anyway, this isn't something we would
fix in a DSA and since we're very close to release we can skip this for
Lenny.

> I take that CVE-2008-4866 and CVE-2008-4869 are actually dupes.
> 
> Summary: the only issue this bug is about is actually CVE-2008-4869,
> where I have committed a patch, but would really need some help with
> verifying the patch.

050_CVE-2008-4866.patch seems correct (although I assume this is rather a mere
crasher). I don't know about 050_CVE-2008-4866-2.patch, that's an H264 internal
I don't know anything about.

> As for CVE-2008-4867, see bug #496612. Please raise the severity if you
> think that should be fixed in lenny, but please note that I could really
> need help with that bug as well.

If you prepare an update, please include it, but it wouldn't warrant an
update on its own.

Cheers,
        Moritz


