[Bug 248674] Re: CVE-2008-3162 Stack-based buffer overflow
http://www.ubuntu.com/usn/usn-630-1 ** Changed in: ffmpeg (Ubuntu Feisty) Status: Confirmed = Fix Released ** Changed in: ffmpeg (Ubuntu Dapper) Status: Confirmed = Fix Released ** Changed in: ffmpeg (Ubuntu) Status: Confirmed = Fix Released -- CVE-2008-3162 Stack-based buffer overflow https://bugs.launchpad.net/bugs/248674 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 248674] Re: CVE-2008-3162 Stack-based buffer overflow
** Attachment added: hardy_security_ffmpeg_0.cvs20070307-5ubuntu7.1.debdiff http://launchpadlibrarian.net/16133320/hardy_security_ffmpeg_0.cvs20070307-5ubuntu7.1.debdiff -- CVE-2008-3162 Stack-based buffer overflow https://bugs.launchpad.net/bugs/248674 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 248674] Re: CVE-2008-3162 Stack-based buffer overflow
** Attachment added: gutsy_security_ffmpeg_0.cvs20070307-5ubuntu4.1.debdiff http://launchpadlibrarian.net/16133546/gutsy_security_ffmpeg_0.cvs20070307-5ubuntu4.1.debdiff -- CVE-2008-3162 Stack-based buffer overflow https://bugs.launchpad.net/bugs/248674 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 248674] Re: CVE-2008-3162 Stack-based buffer overflow
** Attachment added: feisty_security_ffmpeg_0.cvs20060823-3.1ubuntu4.1.debdiff http://launchpadlibrarian.net/16142922/feisty_security_ffmpeg_0.cvs20060823-3.1ubuntu4.1.debdiff -- CVE-2008-3162 Stack-based buffer overflow https://bugs.launchpad.net/bugs/248674 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 248674] Re: CVE-2008-3162 Stack-based buffer overflow
Dapper fixed inline (adopted first security patch method.) ** Attachment added: dapper_security_ffmpeg_0.cvs20050918-5ubuntu1.2.debdiff http://launchpadlibrarian.net/16143288/dapper_security_ffmpeg_0.cvs20050918-5ubuntu1.2.debdiff -- CVE-2008-3162 Stack-based buffer overflow https://bugs.launchpad.net/bugs/248674 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 248674] Re: CVE-2008-3162 Stack-based buffer overflow
** Bug watch added: Debian Bug tracker #489965 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=489965 ** Also affects: ffmpeg-debian (Debian) via http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=489965 Importance: Unknown Status: Unknown -- CVE-2008-3162 Stack-based buffer overflow https://bugs.launchpad.net/bugs/248674 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 248674] Re: CVE-2008-3162 Stack-based buffer overflow
** Changed in: ffmpeg-debian (Debian) Status: Unknown = Fix Released -- CVE-2008-3162 Stack-based buffer overflow https://bugs.launchpad.net/bugs/248674 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 248674] Re: CVE-2008-3162 Stack-based buffer overflow
UPSTREAM FIX: http://svn.mplayerhq.hu/ffmpeg/trunk/libavformat/psxstr.c?view=patchr1=13993r2=13992pathrev=13993 UPSTREAM BUG: https://roundup.mplayerhq.hu/roundup/ffmpeg/issue311 CVE: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3162 -- CVE-2008-3162 Stack-based buffer overflow https://bugs.launchpad.net/bugs/248674 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 248674] Re: CVE-2008-3162 Stack-based buffer overflow
** Changed in: ffmpeg (Ubuntu Dapper) Importance: Undecided = Medium Assignee: (unassigned) = Emanuele Gentili (emgent) Status: New = Confirmed ** Attachment added: intrepid_ffmpeg-free_0.svn20080206-8ubuntu2.debdiff http://launchpadlibrarian.net/16033798/intrepid_ffmpeg-free_0.svn20080206-8ubuntu2.debdiff ** Changed in: ffmpeg (Ubuntu Feisty) Importance: Undecided = Medium Assignee: (unassigned) = Emanuele Gentili (emgent) Status: New = Confirmed -- CVE-2008-3162 Stack-based buffer overflow https://bugs.launchpad.net/bugs/248674 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 248674] Re: CVE-2008-3162 Stack-based buffer overflow
** Attachment removed: intrepid_ffmpeg- free_0.svn20080206-8ubuntu2.debdiff http://launchpadlibrarian.net/16033798/intrepid_ffmpeg- free_0.svn20080206-8ubuntu2.debdiff -- CVE-2008-3162 Stack-based buffer overflow https://bugs.launchpad.net/bugs/248674 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 248674] Re: CVE-2008-3162 Stack-based buffer overflow
POC: Run 'ffmpeg -y -i logo.iki -vn -f wav /dev/null' (with the attached file) On the latest ubuntu/i386: - SVN r13990 will crash immediately. Under valgrind 3.3.0 it will report several invalid writes and then valgrind itself will crash. - SVN r13993 and up shouldn't crash or have any valgrind warnings. ** Attachment added: logo.iki http://launchpadlibrarian.net/16039022/logo.iki -- CVE-2008-3162 Stack-based buffer overflow https://bugs.launchpad.net/bugs/248674 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 248674] Re: CVE-2008-3162 Stack-based buffer overflow
intrepid use ffmpeg-debian (main) hardy and gutsy use ffmpeg (main) dapper and feisty use ffmpeg (universe) ** Attachment removed: dapper_security_ffmpeg_0.cvs20050918-5ubuntu1.2.debdiff http://launchpadlibrarian.net/16041606/dapper_security_ffmpeg_0.cvs20050918-5ubuntu1.2.debdiff ** Changed in: ffmpeg (Ubuntu) Assignee: Emanuele Gentili (emgent) = (unassigned) -- CVE-2008-3162 Stack-based buffer overflow https://bugs.launchpad.net/bugs/248674 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 248674] Re: CVE-2008-3162 Stack-based buffer overflow
** Attachment added: dapper_security_ffmpeg_0.cvs20050918-5ubuntu1.2.debdiff http://launchpadlibrarian.net/16041606/dapper_security_ffmpeg_0.cvs20050918-5ubuntu1.2.debdiff -- CVE-2008-3162 Stack-based buffer overflow https://bugs.launchpad.net/bugs/248674 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
