CVE-2013-1868
Hello, Could you check if Debian packages of VLC are affected of CVE-2013-1868, thank you. References: https://security-tracker.debian.org/tracker/CVE-2013-1868 http://www.openwall.com/lists/oss-security/2013/03/17/1 http://git.videolan.org/?p=vlc/vlc-2.0.git;a=commitdiff;h=9b0414dc7f5c18ff2951175cf076779c444efd70 http://www.videolan.org/security/sa1301.html I can submit bug if needed. At least I can't find that file, which was changed. --- Henri Salo signature.asc Description: Digital signature ___ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers
Re: [SCM] ardour3/master: Changelog entries
On 03/20/2013 01:38 AM, adiknoth-gu...@users.alioth.debian.org wrote: The following commit has been merged in the master branch: commit 84722dcabbef0b24454501f93c6a6e3b559ccd36 Author: Adrian Knoth a...@drcomp.erfurt.thur.de Date: Wed Mar 20 00:28:06 2013 +0100 +ardour3 (3.0~dfsg-1) UNRELEASED; urgency=low We now have a working initial packaging for A3. Feel free to apply your usual love before uploading (we're waiting for lilv-0.16.0, just to be sure). Cheers ___ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers
Re: CVE-2013-1868
Am Mittwoch, den 20.03.2013, 11:23 +0200 schrieb Henri Salo: Hello, Could you check if Debian packages of VLC are affected of CVE-2013-1868, thank you. VLC 2.0.3-5 from testing is (probably) affected and VLC 2.0.5-1 from unstable is not affected. References: https://security-tracker.debian.org/tracker/CVE-2013-1868 http://www.openwall.com/lists/oss-security/2013/03/17/1 http://git.videolan.org/?p=vlc/vlc-2.0.git;a=commitdiff;h=9b0414dc7f5c18ff2951175cf076779c444efd70 This git commit is not the correct commit. http://www.videolan.org/security/sa1301.html I can submit bug if needed. At least I can't find that file, which was changed. I would appreciate a bug report with an attached and tested patch. -- Benjamin Drung Debian Ubuntu Developer ___ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers
Re: CVE-2013-1868
VLC 2.0.3-5 from testing is (probably) affected and VLC 2.0.5-1 from unstable is not affected. Could you submit this information to security tracker after you have verified it? http://git.videolan.org/?p=vlc/vlc-2.0.git;a=commitdiff;h=9b0414dc7f5c18ff2951175cf076779c444efd70 This git commit is not the correct commit. Removed from security tracker. Do you know what is the correct commitdiff? I would appreciate a bug report with an attached and tested patch. I can submit a bug to BTS, but I don't have knowledge/skills to test this issue and currently no time to create patch for it. This is the reason I contacted you via email. Please note that the commitdiff-link was in the CVE-request in oss-security mailing list. I also prefer not to report the bug with unclear details. --- Henri Salo signature.asc Description: Digital signature ___ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers
GPS tracker with multi discrete input and output /Attn: purchase manager与您共享了相册。
Tips: GPS tracker with multi discrete input and output /Attn: purchase manager Dear Sir This is Anna,the sales manager of Redview GPS in China. VT310 is a GPS tracker with 5 discrete inputs ,5 discrete outputs and 2 analog ports . With VT310,you can get vehicle windows status, door status, engine status, temperature and tank fuel level ,etc. This is widely used in truck tracking application. I would appreciate if you forward this letter to Technical Manager or to other expert responsible for technical integration of new products in your company, or provide me with his contact for we could discuss all the details of our future cooperation. Your early reply is highly appreciated. Best Regards Anna https://picasaweb.google.com/lh/sredir?uname=116784200010082041012target=ALBUMid=5852109890782528689authkey=Gv1sRgCIL8tYGdt6LalQEinvite=CKzuz6ABfeat=email attachment: picasaweblogo-zh_CN.gifattachment: email.jpg___ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers
Bug#703542: Inconsistent use of _GNU_SOURCE
Package: bristol Version: 0.60.10-3 Severity: minor Usertags: goto-cc While building the package using our research compiler infrastructure we noticed conflicting types being used in the linked executable. This is due to _GNU_SOURCE being defined in ./libbristolmidi/socketToolKit.c ./libbristolmidi/inetClient.c ./brighton/brightonCLI.c but not in any other file. As a result, system headers expand to conflicting declarations. (This was at least noticed for the connect function, but may extend to others.) Either all or no file should #define _GNU_SOURCE. Best, Michael pgpXv3y7O8Fpf.pgp Description: PGP signature ___ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers
Bug#703544: i965-va-driver: Nothing depends / recommends this
Package: i965-va-driver Hi, It seems this package is needed to actually being able to use va-api. At least that's my understanding of things. But nothing seems to Depend on Recommend it other than libva-intel-vaapi-driver, which is a transistion package. libva-intel-vaapi-driver also doesn't have any dependencies. Could you please file bugs against the proper packages to Depend or Recommend this package? Kurt ___ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers
Re: CVE-2013-1868
Am Mittwoch, den 20.03.2013, 13:56 +0200 schrieb Henri Salo: VLC 2.0.3-5 from testing is (probably) affected and VLC 2.0.5-1 from unstable is not affected. Could you submit this information to security tracker after you have verified it? It's fixed in VLC 2.0.5 according to upstream. http://git.videolan.org/?p=vlc/vlc-2.0.git;a=commitdiff;h=9b0414dc7f5c18ff2951175cf076779c444efd70 This git commit is not the correct commit. Removed from security tracker. Do you know what is the correct commitdiff? No. The commits between 2.0.4 and 2.0.5 needs to be checked. I found two commits: http://git.videolan.org/?p=vlc/vlc-2.0.git;a=commitdiff;h=74ff87cc141bc1b88a38ee90f95b3d935c938a56 http://git.videolan.org/?p=vlc/vlc-2.0.git;a=commitdiff;h=8e8b02ff1720eb46dabe2864e79d47b40a2792d5 I would appreciate a bug report with an attached and tested patch. I can submit a bug to BTS, but I don't have knowledge/skills to test this issue and currently no time to create patch for it. This is the reason I contacted you via email. Please note that the commitdiff-link was in the CVE-request in oss-security mailing list. I also prefer not to report the bug with unclear details. Is there test case / file that triggers this bug? -- Benjamin Drung Debian Ubuntu Developer ___ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers
Re: CVE-2013-1868
On Wed, Mar 20, 2013 at 09:54:30PM +0100, Benjamin Drung wrote: Is there test case / file that triggers this bug? I don't have any. You can request such from upstream if you want or I can do it. --- Henri Salo signature.asc Description: Digital signature ___ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers
Re: CVE-2013-1868
Am Mittwoch, den 20.03.2013, 23:03 +0200 schrieb Henri Salo: On Wed, Mar 20, 2013 at 09:54:30PM +0100, Benjamin Drung wrote: Is there test case / file that triggers this bug? I don't have any. You can request such from upstream if you want or I can do it. It would be nice if you could request it. -- Benjamin Drung Debian Ubuntu Developer ___ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers
Bug#692193: ffmpeg: description claims that ffmpeg is a transitional package, but it isn't
And what about making /usr/bin/ffmpeg a symlink to /usr/bin/avconv in future package versions? Best wishes, Bob ___ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers
Processed: Re: Bug#692609: avconv: converting videos to mpeg4 makes jerking and short pauses of video
Processing control commands: reassign -1 libav-tools 6:0.8.3-1~bpo60+1 Bug #692609 [ffmpeg] ffmpeg: converting with avconv to mpeg4 makes jerking and short pauses of video Bug reassigned from package 'ffmpeg' to 'libav-tools'. No longer marked as found in versions 6:0.8.3-1~bpo60+1. Ignoring request to alter fixed versions of bug #692609 to the same values previously set Bug #692609 [libav-tools] ffmpeg: converting with avconv to mpeg4 makes jerking and short pauses of video There is no source info for the package 'libav-tools' at version '6:0.8.3-1~bpo60+1' with architecture '' Unable to make a source version for version '6:0.8.3-1~bpo60+1' Marked as found in versions 6:0.8.3-1~bpo60+1. retitle -1 avconv: converting videos to mpeg4 makes jerking and short pauses of video Bug #692609 [libav-tools] ffmpeg: converting with avconv to mpeg4 makes jerking and short pauses of video Changed Bug title to 'avconv: converting videos to mpeg4 makes jerking and short pauses of video' from 'ffmpeg: converting with avconv to mpeg4 makes jerking and short pauses of video' tags -1 moreinfo Bug #692609 [libav-tools] avconv: converting videos to mpeg4 makes jerking and short pauses of video Added tag(s) moreinfo. -- 692609: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=692609 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ___ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers
Bug#692193: marked as done (ffmpeg: description claims that ffmpeg is a transitional package, but it isn't)
Your message dated Thu, 21 Mar 2013 05:47:52 +0100 with message-id CAJ0cceZoGVQUM1-C66g7o46_cGeU+uQ70H-SoTn=zrm_xqj...@mail.gmail.com and subject line Re: Bug#692193: ffmpeg: description claims that ffmpeg is a transitional package, but it isn't has caused the Debian Bug report #692193, regarding ffmpeg: description claims that ffmpeg is a transitional package, but it isn't to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 692193: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=692193 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: ffmpeg Version: 6:0.8.4-1 Severity: normal The ffmpeg description is: Description: Multimedia player, server, encoder and transcoder (transitional package) which is incorrect because the package provides the ffmpeg program (and its man page). Removing a transitional package should be completely safe, but here doing this breaks other software on the machine (e.g. the DownloadHelper Firefox extension, which knows about ffmpeg, but not avconv). Please use another word in the package description such as obsolete. -- System Information: Debian Release: wheezy/sid APT prefers unstable APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 3.5-trunk-amd64 (SMP w/2 CPU cores) Locale: LANG=POSIX, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages ffmpeg depends on: ii libav-tools6:0.8.4-1 ii libavcodec53 6:0.8.4-1 ii libavdevice53 6:0.8.4-1 ii libavfilter2 6:0.8.4-1 ii libavformat53 6:0.8.4-1 ii libavutil516:0.8.4-1 ii libc6 2.13-36 ii libpostproc52 6:0.8.4-1 ii libswscale26:0.8.4-1 ffmpeg recommends no packages. ffmpeg suggests no packages. -- no debconf information ---End Message--- ---BeginMessage--- On Thu, Mar 21, 2013 at 3:50 AM, Bob Bib bobbib...@mail.ru wrote: And what about making /usr/bin/ffmpeg a symlink to /usr/bin/avconv in future package versions? the Debian package named 'ffmpeg' is transitional in the sense that it will go away in jessie as currently implemented in experimental. With that being said, the bug report is not valid and I am therefore closing it. A symlink is not a good option as avconv and ffmpeg are not command-line compatible. The fact that the command-line interface of ffmpeg changes frequently anyways is a poor excuse and does not help anyone. regards, Reinhard -- regards, Reinhard---End Message--- ___ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers
Bug#692609: ffmpeg: converting with avconv to mpeg4 makes jerking and short pauses of video
tags 692609 upstream stop Hi, First of all, thank you for your time to report this bugreport. On Wed, Nov 7, 2012 at 10:17 PM, rpnpif rpn...@free.fr wrote: Package: ffmpeg Version: 6:0.8.3-1~bpo60+1 Severity: normal Converting videos with avconv/ffmpeg to mpeg4 makes jerking, short pauses periodically all about 5 sec. Unfortunately, this description lacks a number of criticial pieces of information that would be necessary to process this bug. Avidemux (not in Debian repositery) has not this issue. This is unfortunately irrelevant. avconv -i video.x output.mp4 x in wmv or mpg1 format. So does it work for you for other formats? In any case, please take your time to report this bug upstream following the guidelines here: http://libav.org/bugreports.html. It really makes more sense if you contact upstream yourself as they will definitely have some follow-up questions. Please also share the upstream bugzilla number as a reply to this email, so that we can track progress done upstream. -- regards, Reinhard ___ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers
Processed: Re: Bug#692609: ffmpeg: converting with avconv to mpeg4 makes jerking and short pauses of video
Processing commands for cont...@bugs.debian.org: tags 692609 upstream Bug #692609 [libav-tools] avconv: converting videos to mpeg4 makes jerking and short pauses of video Added tag(s) upstream. stop Stopping processing here. Please contact me if you need assistance. -- 692609: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=692609 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ___ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers
Bug#692877: libav-tools: avconv segfault when deprecated -deinterlace is used
tags 692877 upstream stop Hi Paul, First of all, thank you for your time to report this bugreport and sorry for the delay. On Sat, Nov 10, 2012 at 9:30 AM, Paul Gevers elb...@debian.org wrote: Package: libav-tools Version: 6:9~beta1-1 Severity: normal I ran the deprecated -deinterlace option on my test video (attached). avconv first warns about deprecation, and then segfaults. (See below). Paul paul@wollumbin ~ $ avconv -i test.avi -vcodec libxvid -deinterlace /tmp/bla.aviavconv version 9_beta1-6:9~beta1-1, Copyright (c) 2000-2012 the Libav developers built on Oct 16 2012 20:18:50 with gcc 4.7 (Debian 4.7.2-4) Guessed Channel Layout for Input Stream #0.1 : mono Input #0, avi, from '/home/paul/test.avi': Metadata: encoder : Lavf53.20.0 Duration: 00:00:00.23, start: 0.00, bitrate: 9890 kb/s Stream #0.0: Video: mjpeg, yuvj422p, 640x480, 30 fps, 30 tbr, 30 tbn Metadata: title : FUJIFILM AVI STREAM 0100 Stream #0.1: Audio: pcm_u8, 16000 Hz, mono, u8, 128 kb/s - -deinterlace is deprecated, use -filter:v yadif instead File '/tmp/bla.avi' already exists. Overwrite ? [y/N] y Output #0, avi, to '/tmp/bla.avi': Metadata: ISFT: Lavf54.18.0 Stream #0.0: Video: libxvid, yuv420p, 640x480, q=2-31, 200 kb/s, 30 tbn, 30 tbc Metadata: title : FUJIFILM AVI STREAM 0100 Stream #0.1: Audio: libmp3lame, 16000 Hz, mono, s16p Stream mapping: Stream #0:0 - #0:0 (mjpeg - libxvid) Stream #0:1 - #0:1 (pcm_u8 - libmp3lame) Press ctrl-c to stop encoding Segmentation fault Could you please take your time to report this bug upstream following the guidelines here: http://libav.org/bugreports.html. It really makes more sense if you contact upstream yourself as they will definitely have some follow-up questions. Please also share the upstream bugzilla number as a reply to this email, so that we can track progress done upstream. -- regards, Reinhard ___ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers
Processed: Re: Bug#692877: libav-tools: avconv segfault when deprecated -deinterlace is used
Processing commands for cont...@bugs.debian.org: tags 692877 upstream Bug #692877 [libav-tools] libav-tools: avconv segfault when deprecated -deinterlace is used Added tag(s) upstream. stop Stopping processing here. Please contact me if you need assistance. -- 692877: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=692877 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ___ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers
