Your message dated Sat, 21 Jan 2006 09:47:10 -0800
with message-id <[EMAIL PROTECTED]>
and subject line Bug#342207: fixed in ffmpeg 0.cvs20050918-6
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 6 Dec 2005 09:41:39 +0000
>From [EMAIL PROTECTED] Tue Dec 06 01:41:39 2005
Return-path: <[EMAIL PROTECTED]>
Received: from inutil.org ([193.22.164.111] 
helo=vserver151.vserver151.serverflex.de)
        by spohr.debian.org with esmtp (Exim 4.50)
        id 1EjZKN-0004xs-Dy
        for [EMAIL PROTECTED]; Tue, 06 Dec 2005 01:41:39 -0800
Received: from wlan-client-022.informatik.uni-bremen.de ([134.102.116.23] 
helo=localhost.localdomain)
        by vserver151.vserver151.serverflex.de with esmtpsa 
(TLS-1.0:RSA_AES_256_CBC_SHA:32)
        (Exim 4.50)
        id 1EjZKK-0001Ju-8L
        for [EMAIL PROTECTED]; Tue, 06 Dec 2005 10:41:36 +0100
Received: from jmm by localhost.localdomain with local (Exim 4.60)
        (envelope-from <[EMAIL PROTECTED]>)
        id 1EjZJt-0001VY-SM; Tue, 06 Dec 2005 10:41:09 +0100
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: Moritz Muehlenhoff <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: ffmpeg: Exploitable heap overflow in libavcodec's image handling
Message-ID: <[EMAIL PROTECTED]>
X-Mailer: reportbug 3.18
Date: Tue, 06 Dec 2005 10:41:08 +0100
X-Debbugs-Cc: Debian Security Team <[EMAIL PROTECTED]>
X-SA-Exim-Connect-IP: 134.102.116.23
X-SA-Exim-Mail-From: [EMAIL PROTECTED]
X-SA-Exim-Scanned: No (on vserver151.vserver151.serverflex.de); SAEximRunCond 
expanded to false
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
        (1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level: 
X-Spam-Status: No, hits=-11.0 required=4.0 tests=BAYES_00,HAS_PACKAGE,
        X_DEBBUGS_CC autolearn=ham version=2.60-bugs.debian.org_2005_01_02

Package: ffmpeg
Version: 0.cvs20050918-5
Severity: grave
Tags: security
Justification: user security hole

An exploitable heap overflow has been found in libavcodec's handling
of images with PIX_FMT_PAL8 pixel formats. Please see 
http://article.gmane.org/gmane.comp.video.ffmpeg.devel/26558
for more information and a demo image.

Upstream's fix can be found at
http://mplayerhq.hu/pipermail/ffmpeg-cvslog/2005-December/000979.html

Cheers,
        Moritz

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.14-2-686
Locale: LANG=C, [EMAIL PROTECTED] (charmap=ISO-8859-15)

Versions of packages ffmpeg depends on:
ii  libc6                   2.3.5-8.1        GNU C Library: Shared libraries an
ii  libdc1394-13            1.1.0-2          high level programming interface f
ii  libfreetype6            2.1.10-1         FreeType 2 font engine, shared lib
ii  libgsm1                 1.0.10-13        Shared libraries for GSM speech co
ii  libimlib2               1.2.1-2          powerful image loading and renderi
ii  libogg0                 1.1.2-1          Ogg Bitstream Library
ii  libraw1394-5            0.10.1-1.1       library for direct access to IEEE 
ii  libsdl1.2debian         1.2.9-0.0        Simple DirectMedia Layer
ii  libtheora0              0.0.0.alpha4-1.1 The Theora Video Compression Codec
ii  libvorbis0a             1.1.0-1          The Vorbis General Audio Compressi
ii  libvorbisenc2           1.1.0-1          The Vorbis General Audio Compressi
ii  libx11-6                6.8.2.dfsg.1-11  X Window System protocol client li
ii  xlibs                   6.8.2.dfsg.1-11  X Window System client libraries m
ii  zlib1g                  1:1.2.3-8        compression library - runtime

ffmpeg recommends no packages.

-- no debconf information

---------------------------------------
Received: (at 342207-close) by bugs.debian.org; 21 Jan 2006 17:50:57 +0000
>From [EMAIL PROTECTED] Sat Jan 21 09:50:57 2006
Return-path: <[EMAIL PROTECTED]>
Received: from katie by spohr.debian.org with local (Exim 4.50)
        id 1F0MpS-00086h-6Z; Sat, 21 Jan 2006 09:47:10 -0800
From: Sam Hocevar (Debian packages) <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
X-Katie: $Revision: 1.65 $
Subject: Bug#342207: fixed in ffmpeg 0.cvs20050918-6
Message-Id: <[EMAIL PROTECTED]>
Sender: Archive Administrator <[EMAIL PROTECTED]>
Date: Sat, 21 Jan 2006 09:47:10 -0800
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
        (1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level: 
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER 
        autolearn=no version=2.60-bugs.debian.org_2005_01_02

Source: ffmpeg
Source-Version: 0.cvs20050918-6

We believe that the bug you reported is fixed in the latest version of
ffmpeg, which is due to be installed in the Debian FTP archive:

ffmpeg_0.cvs20050918-6.diff.gz
  to pool/main/f/ffmpeg/ffmpeg_0.cvs20050918-6.diff.gz
ffmpeg_0.cvs20050918-6.dsc
  to pool/main/f/ffmpeg/ffmpeg_0.cvs20050918-6.dsc
ffmpeg_0.cvs20050918-6_i386.deb
  to pool/main/f/ffmpeg/ffmpeg_0.cvs20050918-6_i386.deb
libavcodec-dev_0.cvs20050918-6_i386.deb
  to pool/main/f/ffmpeg/libavcodec-dev_0.cvs20050918-6_i386.deb
libavformat-dev_0.cvs20050918-6_i386.deb
  to pool/main/f/ffmpeg/libavformat-dev_0.cvs20050918-6_i386.deb
libpostproc-dev_0.cvs20050918-6_i386.deb
  to pool/main/f/ffmpeg/libpostproc-dev_0.cvs20050918-6_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Sam Hocevar (Debian packages) <[EMAIL PROTECTED]> (supplier of updated ffmpeg 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Sat, 21 Jan 2006 16:51:26 +0100
Source: ffmpeg
Binary: libavformat-dev ffmpeg libavcodec-dev libpostproc-dev
Architecture: source i386
Version: 0.cvs20050918-6
Distribution: unstable
Urgency: low
Maintainer: Sam Hocevar (Debian packages) <[EMAIL PROTECTED]>
Changed-By: Sam Hocevar (Debian packages) <[EMAIL PROTECTED]>
Description: 
 ffmpeg     - multimedia player, server and encoder
 libavcodec-dev - development files for libavcodec
 libavformat-dev - development files for libavformat
 libpostproc-dev - development files for libpostproc
Closes: 337846 338895 342207
Changes: 
 ffmpeg (0.cvs20050918-6) unstable; urgency=low
 .
   * Developer upload.
   * Acknowledge NMU. Thanks to Samuel Mimram (Closes: #342207).
   * configure:
     + Set RUNTIME_CPUDETECT (except on m68k where it ICEs and on x86 where it
       fails to build some asm constructs) (Closes: #337846).
   * debian/rules:
     + Make the build process aware of DEB_BUILD_OPTIONS, thanks to Timo
       Lindfors (Closes: #338895).
Files: 
 c4a4fa61a29e7716fa2a6b0997487297 849 libs optional ffmpeg_0.cvs20050918-6.dsc
 d9b20def819d497a95480ca5a4268e03 13927 libs optional 
ffmpeg_0.cvs20050918-6.diff.gz
 5ae9a438fea578e25a59cce9b3b2e0b1 4199046 graphics optional 
ffmpeg_0.cvs20050918-6_i386.deb
 1a28db130123572fe2da025ef84e62f7 2540706 libdevel optional 
libavcodec-dev_0.cvs20050918-6_i386.deb
 0f5210e67630db9c1e7e5959cb73b761 46594 libdevel optional 
libpostproc-dev_0.cvs20050918-6_i386.deb
 7a94b2dce4ce9d0e53cdcbd42a297911 545206 libdevel optional 
libavformat-dev_0.cvs20050918-6_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)

iD8DBQFD0m1NfPP1rylJn2ERAkl+AJ4p+bVBWcAX7Z3bxT/NXHx9n4Ov7wCcChm2
8GD8/2d0Cby2LPs1Wf6eubs=
=uDNU
-----END PGP SIGNATURE-----


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Reply via email to