Bug#785326: libavcodec56: CVE-2014-7937 - Multiple off-by-one errors in libavcodec/vorbisdec.c
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 [reformatted] begin quotation from Sebastian Ramacher (in 20150518184906.ga22...@ramacher.at): On 2015-05-18 20:01:47, Alessandro Ghedini wrote: On Sat, May 16, 2015 at 03:43:37PM +0200, Alessandro Ghedini wrote: On Sat, May 16, 2015 at 03:07:57PM +0200, Sebastian Ramacher wrote: On 2015-05-15 15:22:28, Alessandro Ghedini wrote: On Fri, May 15, 2015 at 11:05:17AM +0200, Sebastian Ramacher wrote: On 2015-05-14 20:41:15, Arne Wichmann wrote: Hi, as far as I can see this has not yet been reported or fixed: CVE-2014-7937 : Multiple off-by-one errors in libavcodec/vorbisdec.c in FFmpeg before 2.4.2, as used in Google Chrome before 40.0.2214.91, allow remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted Vorbis I data [1] I marked this as grave as the impact is unclear and might include arbitrary code execution. Feel free do downgrade if this can be ruled out. (Actually I would like to have a look at the test case to check a bit more thoroughly, but AFAICS I would need to talk to google for this.) [1] https://security-tracker.debian.org/tracker/CVE-2014-7937 https://lists.libav.org/pipermail/libav-devel/2015-January/066433.html A similar commit to the one maintained in this mailing list post was applied to 11.3. So closing with that version. Do you mean the patch at [0]? Honestly it doesn't look like the ffmpeg patch at all, and the commit message doesn't even mention the bug fix. How can you be so sure that the bug is fixed? I might have read the commit wrong. Do you have a sample for this CVE? Unfortunately the reproducer isn't public. I contacted ffmpeg-security about it, I'll keep you posted. I got the reproducer from ffmpeg and it seems that libav in sid isn't affected like Sebastian said. So yeah, this bug should stay closed. I don't know if the patch linked above is what fixed the issue though. Great! Thank you for checking. I am not amused about the closedness with that this was handled - but I am very sure that you are not to blame for this. cu AW - -- [...] If you don't want to be restricted, don't agree to it. If you are coerced, comply as much as you must to protect yourself, just don't support it. Noone can free you but yourself. (crag, on Debian Planet) Arne Wichmann (a...@linux.de) -BEGIN PGP SIGNATURE- Version: GnuPG v1 iQIcBAEBCAAGBQJVWwSMAAoJEENYfBy4DUs+lIEP+wQPZB4LPpuc9IfA94jAfEuy 4NY3lGOcF7EZmMKqD0Ha2xhrO1IINTwT7Ifkz/cseJMnqaibP+7FHC2dFoPgQNYR AabT7oGvT3nsWidFJhlnWS2UlRu2oq2MAS2cvCy4bD98EyOl6CGs+Bnv6ZlUVClM qadtfa+s+xGIfrLVntRP5ZGp+pkcYYQcVFCKnR5KVIuYzA0iryw2tORB4bEV56Bi xwEFFXvCta9z8VQs4D6dnmSvIvLBhcyP5zzSQFrqRNXIxbNHSDNyWxQHy5ACzm8Z 9vAL0wZPv6tpCkjrfYlF6pkewtlcUdlnU7pZObpfXfOnc3qS6SJHLnPe77KSWMQ8 TOqneKXtLH2Py0Vt0PxE/vAP5O6rcDl5ixIsDwcdkYQMBNgUTBTlaFCuK3zVSr0Q s4y7fNoMQ/ruff9L3CNuWLvTtMgzM5HwY+krNvl70ctXj0ah2WZatNvF8D0BQ85C O+p79rxfwNWN5pwL7KxkarppwGktZDF7ekjQeNutZwZ+NccCJaaxOGpUbWPFEcya m4ceYsU3tp+QufOCGv9kGrvuxeI6Hz17xN3+bF2uc6A76/nj3gtjRjghnYtzOPzX Fr6y5Ecd44rxy74nkRYCpcvxfSe63GR7/u4VJwCGJ1D3wygnEAloJxFJHIq3UjEJ xn5UfNHp+Ho4XMVSHUfP =3job -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#785326: libavcodec56: CVE-2014-7937 - Multiple off-by-one errors in libavcodec/vorbisdec.c
On Sat, May 16, 2015 at 03:43:37PM +0200, Alessandro Ghedini wrote: On Sat, May 16, 2015 at 03:07:57PM +0200, Sebastian Ramacher wrote: On 2015-05-15 15:22:28, Alessandro Ghedini wrote: On Fri, May 15, 2015 at 11:05:17AM +0200, Sebastian Ramacher wrote: Version: 6:11.3-1 On 2015-05-14 20:41:15, Arne Wichmann wrote: Package: libavcodec56 Version: 6:11.3-2 Severity: grave Tags: security Justification: user security hole Hi, as far as I can see this has not yet been reported or fixed: CVE-2014-7937 : Multiple off-by-one errors in libavcodec/vorbisdec.c in FFmpeg before 2.4.2, as used in Google Chrome before 40.0.2214.91, allow remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted Vorbis I data [1] I marked this as grave as the impact is unclear and might include arbitrary code execution. Feel free do downgrade if this can be ruled out. (Actually I would like to have a look at the test case to check a bit more thoroughly, but AFAICS I would need to talk to google for this.) [1] https://security-tracker.debian.org/tracker/CVE-2014-7937 https://lists.libav.org/pipermail/libav-devel/2015-January/066433.html A similar commit to the one maintained in this mailing list post was applied to 11.3. So closing with that version. Do you mean the patch at [0]? Honestly it doesn't look like the ffmpeg patch at all, and the commit message doesn't even mention the bug fix. How can you be so sure that the bug is fixed? I might have read the commit wrong. Do you have a sample for this CVE? Unfortunately the reproducer isn't public. I contacted ffmpeg-security about it, I'll keep you posted. I got the reproducer from ffmpeg and it seems that libav in sid isn't affected like Sebastian said. So yeah, this bug should stay closed. I don't know if the patch linked above is what fixed the issue though. Cheers signature.asc Description: Digital signature
Bug#785326: libavcodec56: CVE-2014-7937 - Multiple off-by-one errors in libavcodec/vorbisdec.c
On 2015-05-18 20:01:47, Alessandro Ghedini wrote: On Sat, May 16, 2015 at 03:43:37PM +0200, Alessandro Ghedini wrote: On Sat, May 16, 2015 at 03:07:57PM +0200, Sebastian Ramacher wrote: On 2015-05-15 15:22:28, Alessandro Ghedini wrote: On Fri, May 15, 2015 at 11:05:17AM +0200, Sebastian Ramacher wrote: Version: 6:11.3-1 On 2015-05-14 20:41:15, Arne Wichmann wrote: Package: libavcodec56 Version: 6:11.3-2 Severity: grave Tags: security Justification: user security hole Hi, as far as I can see this has not yet been reported or fixed: CVE-2014-7937 : Multiple off-by-one errors in libavcodec/vorbisdec.c in FFmpeg before 2.4.2, as used in Google Chrome before 40.0.2214.91, allow remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted Vorbis I data [1] I marked this as grave as the impact is unclear and might include arbitrary code execution. Feel free do downgrade if this can be ruled out. (Actually I would like to have a look at the test case to check a bit more thoroughly, but AFAICS I would need to talk to google for this.) [1] https://security-tracker.debian.org/tracker/CVE-2014-7937 https://lists.libav.org/pipermail/libav-devel/2015-January/066433.html A similar commit to the one maintained in this mailing list post was applied to 11.3. So closing with that version. Do you mean the patch at [0]? Honestly it doesn't look like the ffmpeg patch at all, and the commit message doesn't even mention the bug fix. How can you be so sure that the bug is fixed? I might have read the commit wrong. Do you have a sample for this CVE? Unfortunately the reproducer isn't public. I contacted ffmpeg-security about it, I'll keep you posted. I got the reproducer from ffmpeg and it seems that libav in sid isn't affected like Sebastian said. So yeah, this bug should stay closed. I don't know if the patch linked above is what fixed the issue though. Great! -- Sebastian Ramacher signature.asc Description: Digital signature
Bug#785326: libavcodec56: CVE-2014-7937 - Multiple off-by-one errors in libavcodec/vorbisdec.c
On 2015-05-16 15:43:37, Alessandro Ghedini wrote: On Sat, May 16, 2015 at 03:07:57PM +0200, Sebastian Ramacher wrote: On 2015-05-15 15:22:28, Alessandro Ghedini wrote: On Fri, May 15, 2015 at 11:05:17AM +0200, Sebastian Ramacher wrote: Version: 6:11.3-1 On 2015-05-14 20:41:15, Arne Wichmann wrote: Package: libavcodec56 Version: 6:11.3-2 Severity: grave Tags: security Justification: user security hole Hi, as far as I can see this has not yet been reported or fixed: CVE-2014-7937 : Multiple off-by-one errors in libavcodec/vorbisdec.c in FFmpeg before 2.4.2, as used in Google Chrome before 40.0.2214.91, allow remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted Vorbis I data [1] I marked this as grave as the impact is unclear and might include arbitrary code execution. Feel free do downgrade if this can be ruled out. (Actually I would like to have a look at the test case to check a bit more thoroughly, but AFAICS I would need to talk to google for this.) [1] https://security-tracker.debian.org/tracker/CVE-2014-7937 https://lists.libav.org/pipermail/libav-devel/2015-January/066433.html A similar commit to the one maintained in this mailing list post was applied to 11.3. So closing with that version. Do you mean the patch at [0]? Honestly it doesn't look like the ffmpeg patch at all, and the commit message doesn't even mention the bug fix. How can you be so sure that the bug is fixed? I might have read the commit wrong. Do you have a sample for this CVE? Unfortunately the reproducer isn't public. I contacted ffmpeg-security about it, I'll keep you posted. Thank you. Cheers -- Sebastian Ramacher signature.asc Description: Digital signature
Bug#785326: libavcodec56: CVE-2014-7937 - Multiple off-by-one errors in libavcodec/vorbisdec.c
On 2015-05-15 15:22:28, Alessandro Ghedini wrote: On Fri, May 15, 2015 at 11:05:17AM +0200, Sebastian Ramacher wrote: Version: 6:11.3-1 On 2015-05-14 20:41:15, Arne Wichmann wrote: Package: libavcodec56 Version: 6:11.3-2 Severity: grave Tags: security Justification: user security hole Hi, as far as I can see this has not yet been reported or fixed: CVE-2014-7937 : Multiple off-by-one errors in libavcodec/vorbisdec.c in FFmpeg before 2.4.2, as used in Google Chrome before 40.0.2214.91, allow remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted Vorbis I data [1] I marked this as grave as the impact is unclear and might include arbitrary code execution. Feel free do downgrade if this can be ruled out. (Actually I would like to have a look at the test case to check a bit more thoroughly, but AFAICS I would need to talk to google for this.) [1] https://security-tracker.debian.org/tracker/CVE-2014-7937 https://lists.libav.org/pipermail/libav-devel/2015-January/066433.html A similar commit to the one maintained in this mailing list post was applied to 11.3. So closing with that version. Do you mean the patch at [0]? Honestly it doesn't look like the ffmpeg patch at all, and the commit message doesn't even mention the bug fix. How can you be so sure that the bug is fixed? I might have read the commit wrong. Do you have a sample for this CVE? Cheers -- Sebastian Ramacher signature.asc Description: Digital signature
Bug#785326: libavcodec56: CVE-2014-7937 - Multiple off-by-one errors in libavcodec/vorbisdec.c
On Sat, May 16, 2015 at 03:07:57PM +0200, Sebastian Ramacher wrote: On 2015-05-15 15:22:28, Alessandro Ghedini wrote: On Fri, May 15, 2015 at 11:05:17AM +0200, Sebastian Ramacher wrote: Version: 6:11.3-1 On 2015-05-14 20:41:15, Arne Wichmann wrote: Package: libavcodec56 Version: 6:11.3-2 Severity: grave Tags: security Justification: user security hole Hi, as far as I can see this has not yet been reported or fixed: CVE-2014-7937 : Multiple off-by-one errors in libavcodec/vorbisdec.c in FFmpeg before 2.4.2, as used in Google Chrome before 40.0.2214.91, allow remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted Vorbis I data [1] I marked this as grave as the impact is unclear and might include arbitrary code execution. Feel free do downgrade if this can be ruled out. (Actually I would like to have a look at the test case to check a bit more thoroughly, but AFAICS I would need to talk to google for this.) [1] https://security-tracker.debian.org/tracker/CVE-2014-7937 https://lists.libav.org/pipermail/libav-devel/2015-January/066433.html A similar commit to the one maintained in this mailing list post was applied to 11.3. So closing with that version. Do you mean the patch at [0]? Honestly it doesn't look like the ffmpeg patch at all, and the commit message doesn't even mention the bug fix. How can you be so sure that the bug is fixed? I might have read the commit wrong. Do you have a sample for this CVE? Unfortunately the reproducer isn't public. I contacted ffmpeg-security about it, I'll keep you posted. Cheers signature.asc Description: Digital signature
Bug#785326: libavcodec56: CVE-2014-7937 - Multiple off-by-one errors in libavcodec/vorbisdec.c
On 2015-05-16 15:28:44, Arne Wichmann wrote: begin quotation from Sebastian Ramacher (in 20150516130757.ga21...@ramacher.at): On 2015-05-15 15:22:28, Alessandro Ghedini wrote: On Fri, May 15, 2015 at 11:05:17AM +0200, Sebastian Ramacher wrote: Version: 6:11.3-1 On 2015-05-14 20:41:15, Arne Wichmann wrote: Package: libavcodec56 Version: 6:11.3-2 Severity: grave Tags: security Justification: user security hole Hi, as far as I can see this has not yet been reported or fixed: CVE-2014-7937 : Multiple off-by-one errors in libavcodec/vorbisdec.c in FFmpeg before 2.4.2, as used in Google Chrome before 40.0.2214.91, allow remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted Vorbis I data [1] I marked this as grave as the impact is unclear and might include arbitrary code execution. Feel free do downgrade if this can be ruled out. (Actually I would like to have a look at the test case to check a bit more thoroughly, but AFAICS I would need to talk to google for this.) [1] https://security-tracker.debian.org/tracker/CVE-2014-7937 https://lists.libav.org/pipermail/libav-devel/2015-January/066433.html A similar commit to the one maintained in this mailing list post was applied to 11.3. So closing with that version. Do you mean the patch at [0]? Honestly it doesn't look like the ffmpeg patch at all, and the commit message doesn't even mention the bug fix. How can you be so sure that the bug is fixed? I might have read the commit wrong. Do you have a sample for this CVE? There is one referenced in various messages relating to CVE-2014-7937: asan_heap-uaf_18dac2b_9_asan_heap-uaf_22eb375_208_beta3_test_small.ogg unfortunately it is not publicly available AFAICS. You might ask upstream about it. I did. libav developers do not seem to have it. So please provide a sample. Cheers -- Sebastian Ramacher signature.asc Description: Digital signature
Bug#785326: libavcodec56: CVE-2014-7937 - Multiple off-by-one errors in libavcodec/vorbisdec.c
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 begin quotation from Sebastian Ramacher (in 20150516130757.ga21...@ramacher.at): On 2015-05-15 15:22:28, Alessandro Ghedini wrote: On Fri, May 15, 2015 at 11:05:17AM +0200, Sebastian Ramacher wrote: Version: 6:11.3-1 On 2015-05-14 20:41:15, Arne Wichmann wrote: Package: libavcodec56 Version: 6:11.3-2 Severity: grave Tags: security Justification: user security hole Hi, as far as I can see this has not yet been reported or fixed: CVE-2014-7937 : Multiple off-by-one errors in libavcodec/vorbisdec.c in FFmpeg before 2.4.2, as used in Google Chrome before 40.0.2214.91, allow remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted Vorbis I data [1] I marked this as grave as the impact is unclear and might include arbitrary code execution. Feel free do downgrade if this can be ruled out. (Actually I would like to have a look at the test case to check a bit more thoroughly, but AFAICS I would need to talk to google for this.) [1] https://security-tracker.debian.org/tracker/CVE-2014-7937 https://lists.libav.org/pipermail/libav-devel/2015-January/066433.html A similar commit to the one maintained in this mailing list post was applied to 11.3. So closing with that version. Do you mean the patch at [0]? Honestly it doesn't look like the ffmpeg patch at all, and the commit message doesn't even mention the bug fix. How can you be so sure that the bug is fixed? I might have read the commit wrong. Do you have a sample for this CVE? There is one referenced in various messages relating to CVE-2014-7937: asan_heap-uaf_18dac2b_9_asan_heap-uaf_22eb375_208_beta3_test_small.ogg unfortunately it is not publicly available AFAICS. You might ask upstream about it. cu AW - -- [...] If you don't want to be restricted, don't agree to it. If you are coerced, comply as much as you must to protect yourself, just don't support it. Noone can free you but yourself. (crag, on Debian Planet) Arne Wichmann (a...@linux.de) -BEGIN PGP SIGNATURE- Version: GnuPG v1 iQIcBAEBCAAGBQJVV0YMAAoJEENYfBy4DUs++FAP/j6NA8gP37qu4hHTFK9rKc+3 ddj3sClTKQ3d8aC2xq3+rgxjUo35YiPgY3sdcTb4Sni5rm8acHpo0NdDlkpPdFS4 gR3nx3t0GEAqe55aLzUls6Rq9U9fWwHrhjl+Kbhr6zNR+XtXoDMj12GA3ICcJp7J ucvMZtpbJhaTJwvqsljn7IAvjgdikAdtxiRqPXHbeAAwKYJkU5Bdlu9eB+YtXABF IAHU8Qyc4PaJ4o/kbv+C5IBk8ILqhZPjTNSdljJryJTPBkH/R5P9VFjJs/rcSh8O nB2bUmXcRX/+tw5GFcLvYrpivylCpQPLebp2gQjoAUuj8ARS931pGEiFxThqffP+ 53F+lG/tIXpO53Yn/CpoOkGm0sjgApSRDgCwJsgy2HkUi8CN66mBt03nciEfPvG6 om60Oa0Mj+BoevtiQeaXRgXI/bsKDz57sUuhOlGY6LbfNbAWew90ns+q1CWTDW/8 uAsi8SgKjVKp3lM8f3TR73GIOMVn8lNAgnSyrbVVGke7nHO0AjwdeV/Ld6So6fWG 1ELvZyzkn/BI6V3W29IjcKlo7ncS9bv6CU1z+vToW2FPUitazS3P2cdr069KyKyH bU8hQPkqDp2jwMMk4DDojS5ue8VhFj0yazhMKYJB7KSzjf57qgegjipEvKQlN5HT FFVJBtD94jGVHzspGh0s =lqqu -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#785326: libavcodec56: CVE-2014-7937 - Multiple off-by-one errors in libavcodec/vorbisdec.c
2015-05-16 15:31 GMT+02:00 Sebastian Ramacher sramac...@debian.org: On 2015-05-16 15:28:44, Arne Wichmann wrote: begin quotation from Sebastian Ramacher (in 20150516130757.ga21...@ramacher.at): On 2015-05-15 15:22:28, Alessandro Ghedini wrote: On Fri, May 15, 2015 at 11:05:17AM +0200, Sebastian Ramacher wrote: Version: 6:11.3-1 On 2015-05-14 20:41:15, Arne Wichmann wrote: Package: libavcodec56 Version: 6:11.3-2 Severity: grave Tags: security Justification: user security hole Hi, as far as I can see this has not yet been reported or fixed: CVE-2014-7937 : Multiple off-by-one errors in libavcodec/vorbisdec.c in FFmpeg before 2.4.2, as used in Google Chrome before 40.0.2214.91, allow remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted Vorbis I data [1] I marked this as grave as the impact is unclear and might include arbitrary code execution. Feel free do downgrade if this can be ruled out. (Actually I would like to have a look at the test case to check a bit more thoroughly, but AFAICS I would need to talk to google for this.) [1] https://security-tracker.debian.org/tracker/CVE-2014-7937 https://lists.libav.org/pipermail/libav-devel/2015-January/066433.html A similar commit to the one maintained in this mailing list post was applied to 11.3. So closing with that version. Do you mean the patch at [0]? Honestly it doesn't look like the ffmpeg patch at all, and the commit message doesn't even mention the bug fix. How can you be so sure that the bug is fixed? I might have read the commit wrong. Do you have a sample for this CVE? There is one referenced in various messages relating to CVE-2014-7937: asan_heap-uaf_18dac2b_9_asan_heap-uaf_22eb375_208_beta3_test_small.ogg unfortunately it is not publicly available AFAICS. You might ask upstream about it. I did. libav developers do not seem to have it. So please provide a sample. Why don't you/they ask FFmpeg upstream directly? Cheers, Balint -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#785326: libavcodec56: CVE-2014-7937 - Multiple off-by-one errors in libavcodec/vorbisdec.c
On Fri, May 15, 2015 at 11:05:17AM +0200, Sebastian Ramacher wrote: Version: 6:11.3-1 On 2015-05-14 20:41:15, Arne Wichmann wrote: Package: libavcodec56 Version: 6:11.3-2 Severity: grave Tags: security Justification: user security hole Hi, as far as I can see this has not yet been reported or fixed: CVE-2014-7937 : Multiple off-by-one errors in libavcodec/vorbisdec.c in FFmpeg before 2.4.2, as used in Google Chrome before 40.0.2214.91, allow remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted Vorbis I data [1] I marked this as grave as the impact is unclear and might include arbitrary code execution. Feel free do downgrade if this can be ruled out. (Actually I would like to have a look at the test case to check a bit more thoroughly, but AFAICS I would need to talk to google for this.) [1] https://security-tracker.debian.org/tracker/CVE-2014-7937 https://lists.libav.org/pipermail/libav-devel/2015-January/066433.html A similar commit to the one maintained in this mailing list post was applied to 11.3. So closing with that version. Do you mean the patch at [0]? Honestly it doesn't look like the ffmpeg patch at all, and the commit message doesn't even mention the bug fix. How can you be so sure that the bug is fixed? Cheers [0] https://github.com/libav/libav/commit/0025f7408a0fab2cab4a950064e4784a67463994 signature.asc Description: Digital signature
Bug#785326: libavcodec56: CVE-2014-7937 - Multiple off-by-one errors in libavcodec/vorbisdec.c
Package: libavcodec56 Version: 6:11.3-2 Severity: grave Tags: security Justification: user security hole Hi, as far as I can see this has not yet been reported or fixed: CVE-2014-7937 : Multiple off-by-one errors in libavcodec/vorbisdec.c in FFmpeg before 2.4.2, as used in Google Chrome before 40.0.2214.91, allow remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted Vorbis I data [1] I marked this as grave as the impact is unclear and might include arbitrary code execution. Feel free do downgrade if this can be ruled out. (Actually I would like to have a look at the test case to check a bit more thoroughly, but AFAICS I would need to talk to google for this.) [1] https://security-tracker.debian.org/tracker/CVE-2014-7937 https://lists.libav.org/pipermail/libav-devel/2015-January/066433.html cu AW -- System Information: Debian Release: stretch/sid APT prefers stable APT policy: (500, 'stable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.16.7-ckt9 (SMP w/2 CPU cores; PREEMPT) Locale: LANG=C, LC_CTYPE=de_DE (charmap=ISO-8859-1) Shell: /bin/sh linked to /bin/dash Init: sysvinit (via /sbin/init) Versions of packages libavcodec56 depends on: ii libavresample2 6:11.3-2 ii libavutil546:11.3-2 ii libc6 2.19-18 ii libgsm11.0.13-4 ii libmp3lame03.99.5+repack1-7 ii libopenjpeg5 1:1.5.2-3 ii libopus0 1.1-2 ii libschroedinger-1.0-0 1.0.11-2.1 ii libspeex1 1.2~rc1.2-1 ii libtheora0 1.1.1+dfsg.1-6 ii libva1 1.5.1-2 ii libvorbis0a1.3.4-2 ii libvorbisenc2 1.3.4-2 ii libvpx11.3.0-3 ii libx264-1422:0.142.2431+gita5831aa-1+b2 ii libx265-43 1.5-1 ii libxvidcore4 2:1.3.3-1 ii multiarch-support 2.19-18 ii zlib1g 1:1.2.8.dfsg-2+b1 libavcodec56 recommends no packages. libavcodec56 suggests no packages. -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org