Bug#628448: several vulnerabilities: CVE-2011-2162 CVE-2011-2161 CVE-2011-2160
Package: libav Severity: grave Tags: security -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, the following CVE (Common Vulnerabilities Exposures) ids were published for libav. CVE-2011-2162[0]: | Multiple unspecified vulnerabilities in FFmpeg 0.4.x through 0.6.x, as | used in MPlayer 1.0 and other products, in Mandriva Linux 2009.0, | 2010.0, and 2010.1; Corporate Server 4.0 (aka CS4.0); and Mandriva | Enterprise Server 5 (aka MES5) have unknown impact and attack vectors, | related to issues originally discovered by Google Chrome developers. CVE-2011-2161[1]: | The ape_read_header function in ape.c in libavformat in FFmpeg before | 0.5.4, as used in MPlayer, VideoLAN VLC media player, and other | products, allows remote attackers to cause a denial of service | (application crash) via an APE (aka Monkey's Audio) file that contains | a header but no frames. CVE-2011-2160[2]: | The VC-1 decoding functionality in FFmpeg before 0.5.4, as used in | MPlayer and other products, does not properly restrict read | operations, which allows remote attackers to have an unspecified | impact via a crafted VC-1 file, a related issue to CVE-2011-0723. If you fix the vulnerabilities please also make sure to include the CVE ids in your changelog entry. Cheers, Steffen For further information see: [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2162 http://security-tracker.debian.org/tracker/CVE-2011-2162 [1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2161 http://security-tracker.debian.org/tracker/CVE-2011-2161 [2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2160 http://security-tracker.debian.org/tracker/CVE-2011-2160 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (GNU/Linux) iEYEARECAAYFAk3hvCAACgkQ62zWxYk/rQd1aACfZBs5SZcStYwaRi/5LB5zttpL VPEAn2gZK2qTTba9yMf2XwQKsBrqKGMr =2kvn -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#628448: several vulnerabilities: CVE-2011-2162 CVE-2011-2161 CVE-2011-2160
-BEGIN PGP PUBLIC KEY BLOCK- Version: PGPfreeware 5.5.2 for non-commercial use http://www.pgp.com mQGiBEyZCgcRBADicNN5EuaC9vybee8ID+GrhLWVz8vQVCPPgvwfCt4d+LybJNui nhJ3IzAnjBtBmyevTEfzSwzbhNwBb5UjrIVQ3G6e9YIK1UgHW6lkgop60kG0RazW 8VldcrOU8EJyPzLomif2pFRlVTwv/MkCiko2qb4s7i+OJwn+7un1YaOKawCg/wor fXcn+LgUL8rJcVPrAaDI/2UD/0pMath+t7j1brV/McuqBoD++P/1YlJx48R7qY1Q ilOd2Y9DwZX6vT+LgCZCS7Af7b3596xnQd5JmNOAdrCkUt7ca/XH8zYJ8r2VLsV6 BMtgalB1ddKMdU91inrsQi7zbwl7pH82a8MPKD7TKRGAnoMjijKELMuS6+LDvMEp 3KvMA/0aK+uagGp0HBDePMTycqjrXISFdAeBXVlvjV8C3zJzXRVkbccvdPDBLVk5 jzxsLL03aNQARomtKOjvovTrrydtIlDYmzReYrc3gB3RNJ549tQW7ocZm5wx06PX 88y/57zmKHyvWEr/cOPKYWlTHvPHOVidKIbqOfm8gbTl78kLD7QdU2VyZ2V5XyA8 d2VibWFzdGVyMTk4N0B5YS5ydT6JAEsEEBECAAsFAkyZCgcECwMCAQAKCRChSJ2X p/u4SyvZAJ4gh1JBig0FQJk8XBLx/cXI8F9swwCffTut7Y4S1IZoSMZMQFwgmZf0 7yi0IFNlcmdleV8gPHdlYm1hc3RlcjE5ODdAbmFyb2QucnU+iQBLBBARAgALBQJM mQpsBAsDAgEACgkQoUidl6f7uEsDgQCg6qoWs6R86DmkaxwjoEEaghl7KvcAnj+8 /7Ex9trQMIydUt25KTXdjHo8tCFTZXJnZXlfIDx3ZWJtYXN0ZXIxOTg3QHlhbmRl eC5ydT6JAEsEEBECAAsFAkyZCscECwMCAQAKCRChSJ2Xp/u4S4nxAJ9/yj/ZaKQv nBWWKoSW+OJ3+iuX1QCfU0utLqlGc+/u5Aqy6VTm49H618i5BA0ETJkKBxAQAPkY oH5aBmF6Q5CV3AVsh4bsYezNRR8O2OCjecbJ3HoLrOQ/40aUtjBKU9d8AhZIgLUV 5SmZqZ8HdNP/46HFliBOmGW42A3uEF2rthccUdhQyiJXQym+lehWKzh4XAvb+ExN 1eOqRsz7zhfoKp0UYeOEqU/Rg4Soebbvj6dDRgjGzB13VyQ4SuLE8OiOE2eXTpIT Yfbb6yUOF/32mPfIfHmwch04dfv2wXPEgxEmK0Ngw+Po1gr9oSgmC66prrNlD6IA UwGgfNaroxIe+g8qzh90hE/K8xfzpEDp19J3tkItAjbBJstoXp18mAkKjX4t7eRd efXUkk+bGI78KqdLfDL2Qle3CH8IF3KiutapQvMF6PlTETlPtvFuuUs4INoBp1aj FOmPQFXz0AfGy0OplK33TGSGSfgMg71l6RfUodNQ+PVZX9x2Uk89PY3bzpnhV5JZ zf24rnRPxfx2vIPFRzBhznzJZv8V+bv9kV7HAarTW56NoKVyOtQa8L9GAFgr5fSI /VhOSdvNILSd5JEHNmszbDgNRR0PfIizHHxbLY7288kjwEPwpVsYjY67VYy4XTjT NP18F1dDox0YbN4zISy1Kv884bEpQBgRjXyEpwpy1obEAxnIByl6ypUM2Zafq9AK UJsCRtMIPWakXUGfnHy9iUsiGSa6q6Jew1XrPdYXAAICD/95liHyrXWPPiTV5S3H CJyPlkO+3DcoWef0SyoNd0XnV5vOx4VKoJklhmATlxZ6z0fZFoGFg+AkBwcpSVqX nV32ISakxqpiL1Bo/iRyz+qwjFdP/P1OWlM/5TRCbT8x5OWWySoq/J0eJ51dlO7B uvxkeDdjeYs5Sb735Heckp6hdsJ23qfTihlyUzhKqDSKe9mpwIHjL3CWiFcgTHMl wZcqarVvE+0EJg9Mb1tBjzU1eol6ZrScuxoDz0/DPfVeqhiG2l+kpSKXsFngydx7 AA9tUJ6UCfToXL5omspiCM1EEr3siQMxOj5YiYKE6u6JXPmPNq6AcVnyzW+jCz7+ 2qNcafekajzqaTU8jjX1AGRIYIRdy9qyhD6aQCCMpvXRfIYKGiSFxanIj1xluG0x Nz6i9fUVyzu5qOJtWWao9Jl8j3ebLpKIbRf7TGWQNchay2Re5B8x2PfJnPL3NspJ qCBlUX3QPAQfCo6esDOn6OECsF6ehKsVR74VeenrmqAUJPzm+Ejrb9tP/lLdGMzn 7YwpB3IGF4LqbIz38LVXrk5V+jZ3Y8KY9DNhygyYaWfM37Cf9GvalZna7BaUuweh RSgnXI9tAzUJBdeD+ATrIPDkTgR3PhiMmgkVisip55m24mWFFdTDTdKXBEOgpv/V YnK0rQK1lCejVofV8iljqFmweokARgQYEQIABgUCTJkKBwAKCRChSJ2Xp/u4S3Im AKDBmABdu9YNVe82qSuM+Z7oBnZo7ACg4nZlcguyQSMXVUOy45paVL7JlpU= =GNXC -END PGP PUBLIC KEY BLOCK- -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org