On Wed, Jan 13, 2010 at 09:28:43AM +0100, Reinhard Tartler wrote:
> found 550442 0.svn20080206-18
> stop
>
> On Sa, Dez 05, 2009 at 00:33:02 (CET), Reinhard Tartler wrote:
>
> > Moritz Muehlenhoff writes:
> >
> >> Sorry, this slipped through. An upda
On Fri, Jan 22, 2010 at 06:10:55PM +0100, Moritz Muehlenhoff wrote:
> On Wed, Jan 13, 2010 at 09:28:43AM +0100, Reinhard Tartler wrote:
> > found 550442 0.svn20080206-18
> > stop
> >
> > On Sa, Dez 05, 2009 at 00:33:02 (CET), Reinhard Tartler wrote:
> >
On Tue, Feb 09, 2010 at 09:53:46AM +0100, Reinhard Tartler wrote:
> On Do, Jan 28, 2010 at 22:26:45 (CET), Moritz Muehlenhoff wrote:
>
> > On Fri, Jan 22, 2010 at 06:10:55PM +0100, Moritz Muehlenhoff wrote:
> >> On Wed, Jan 13, 2010 at 09:28:43AM +0100, Reinhard Tartler wrote
Reinhard Tartler wrote:
> I don't think its really worth tracking dos-only fixes. FFmpeg is very
> performance tuned, and AFAIUI upstream does consider dos-only fixes only
> on a best efford basis as long as it doesn't impair performance.
Ack. Crashers in media libs are not treated as security rel
Package: fluidsynth
Severity: important
The configure script for Fluidsynth detects ALSA support on KFreeBSD:
**
Summary:
libsndfile:yes (with ogg vorbis support)
PulseAudio:yes
JACK: yes
AL
On Sun, Jul 18, 2010 at 09:15:20PM +0200, Reinhard Tartler wrote:
> I don't think it is a practical problem to point than more than one diff
> in the announcement and/or changelog. Do you?
For the Debian Security Team is pointer to an upload commit is usually
sufficient. Adding one would be much
Hi,
On Fri, Aug 06, 2010 at 02:55:31PM -0400, Reinhard Tartler wrote:
> In any case, Moritz has localized this issue:
>
> j...@galadriel:~$ sudo chroot chroots/lenny/
> r...@galadriel:/# apt-get install libavformat52 libavcodec51
> Reading package lists... Done
> Building dependency tree
> Readi
Hi,
I'm currently checking the status of packages being orphaned to clean
up old dust for Wheezy. There are three multimedia related packages, is
there interest in adopting them by Debian Multimedia Maintainers?
If the two audio editors have better alternatives and should just be
removed, please
On Wed, Feb 16, 2011 at 03:27:48PM +0100, Reinhard Tartler wrote:
> On Wed, Feb 16, 2011 at 15:22:48 (CET), Fabian Greffrath wrote:
>
> > Am 16.02.2011 15:13, schrieb Debian FTP Masters:
> >> /ffmpeg-debian_0.svn20080206-18+lenny3_amd64.changes is already present on
> >> target host:
> >> libswsc
Package: libav
Severity: grave
Tags: security
The following was reported to Bugtraq:
http://seclists.org/bugtraq/2011/Apr/257 (No CVE yet)
The ffmpeg commit
http://git.videolan.org/?p=ffmpeg.git;a=commit;h=89f903b3d5ec38c9c5d90fba7e626fa0eda61a32
isn't yet in libav git. Reinhard, can you pull t
Package: gmerlin-encoders-ffmpeg
Severity: important
Hi,
the transition from ffmpeg/0.6.2 to libav/0.7 is planned soonish.
(libav is a ffmpeg fork, to which Debian will switch, see
http://en.wikipedia.org/wiki/FFmpeg for more information)
Your package currently fails to build from source when bui
Package: gmerlin-avdecoder
Severity: important
Hi,
the transition from ffmpeg/0.6.2 to libav/0.7 is planned soonish.
(libav is a ffmpeg fork, to which Debian will switch, see
http://en.wikipedia.org/wiki/FFmpeg for more information)
Your package currently fails to build from source when built aga
Package: idjc
Severity: normal
Tags: patch
I'm filing this bug to keep track of the fact that the libav7
support patch needs to be activated in debian/patches/series
once libav 0.7 is uploaded to unstable.
(I'm user-tagging all bugs affecting this transition so that we
don't miss any.)
Cheers,
Package: mplayer2
Version: 2.0-134-g84d8671-4
Severity: normal
Please drop the build-dep on svgalib and pass --disable-svga to the configure
script. svgalib is dead upstream for a long time, supports only vintage graphic
cards, is limited to x86 and very problematic from a security PoV (since it
Package: libav
Severity: important
The following was reported by oCERT:
http://www.ocert.org/advisories/ocert-2011-002.html
A CVE ID is not yet available, I will be requesting one. This is unfixed
in libav from sid. The ffmpeg fix can be found here:
http://git.videolan.org/?p=ffmpeg.git;a=commit;
Package: libav
Severity: important
Tags: security
Please see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3504
Discovered by Microsoft :-)
ffmpeg fix:
http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=7e33a66c0e178c3576c1ba1648be4295809adca8
Cheers,
Moritz
__
Package: mplayer
Severity: grave
Tags: security
Please see:
http://www.openwall.com/lists/oss-security/2011/10/14/1
http://labs.mwrinfosecurity.com/files/Advisories/mwri_mplayer-sami-subtitles_2011-08-12.pdf
Fix:
http://mplayerhq.hu/pipermail/mplayer-cvslog/2011-May/042075.html
I didn't check mp
On Wed, Nov 02, 2011 at 09:57:21PM +0100, Reinhard Tartler wrote:
> On Mi, Nov 02, 2011 at 15:33:20 (CET), Yves-Alexis Perez wrote:
>
> > I'm considering the various open issues in ffmpeg in Squeeze
> > (CVE-2011-{3362,3504,3973,3974}).
>
> I'm currently investigating these issues. Let's first di
Package: icecast2
Severity: important
Tags: security
Hi,
a minor vulnerability has been discovered in Icecast. Please see
https://bugs.launchpad.net/ubuntu/+source/icecast2/+bug/894782 for
details.
This is CVE-2011-4612, please mention it in the changelog.
This doesn't warrant a DSA. You can how
Package: vlc
Severity: important
Please enable hardened build flags through dpkg-buildflags.
Cheers,
Moritz
___
pkg-multimedia-maintainers mailing list
pkg-multimedia-maintainers@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/
Package: mplayer2
Version: 2.0-426-gc32b3ed-2
Severity: important
Tags: patch
Please enable hardened build flags through dpkg-buildflags.
Patch attached. The more stringent format string checks
unveiled a missing format string in the streaming code,
please contact upstream on that one.
Cheers,
Package: mplayer
Version: 2:1.0~rc4.dfsg1+svn34540-1
Severity: important
Tags: patch
Please enable hardened build flags through dpkg-buildflags.
Patch attached. The more stringent format string checks
unveiled a missing format string in the streaming code
and the GUI, please contact upstream on t
Source: libav
Severity: important
Tags: patch
Please enable hardened build flags through dpkg-buildflags.
Patch attached. The format string checks detect a missing
format string in libavcodec/srtdec.c, please contact upstream
for that.
Cheers,
Moritz
diff -aur libav-0.8.harden/debian/rul
Package: idjc
Version: 0.8.7-1
Severity: serious
Your package fails to build from source:
make[3]: Entering directory `/home/jmm/idjc-0.8.7/python'
Making install in prelims
make[4]: Entering directory `/home/jmm/idjc-0.8.7/python/prelims'
make[5]: Entering directory `/home/jmm/idjc-0.8.7/python/
On Mon, Jan 30, 2012 at 11:10:27PM +0100, Moritz Muehlenhoff wrote:
> Package: mplayer
> Version: 2:1.0~rc4.dfsg1+svn34540-1
> Severity: important
> Tags: patch
>
> Please enable hardened build flags through dpkg-buildflags.
>
> Patch attached. The more stringent format
Package: vlc
Severity: important
Hi,
libggi is scheduled for removal in Wheezy:
http://lists.debian.org/debian-release/2012/07/msg00134.html
You've already dropped the binary package in 2.0.0-1, so the only thing
left is to drop the build-dep on libggi2-dev.
Cheers,
Moritz
___
On Tue, Jun 26, 2012 at 06:36:56PM +0300, Rücker Thomas wrote:
> Hi Jonas,
>
> On 13/06/12 02:02, Jonas Smedegaard wrote:
>> Hi Thomas,
>>
>> On 12-06-13 at 12:50am, Rücker Thomas wrote:
>>> Hello, your friendly upstream here.
>>>
>>> We just released Icecast 2.3.3 which addresses this issue.
>>>
>
On Sun, Oct 14, 2012 at 05:00:54PM -0400, Reinhard Tartler wrote:
> On Wed, Sep 26, 2012 at 4:22 AM, Yves-Alexis Perez wrote:
> > Source: libav
> > Severity: grave
> > Justification: user security hole
> >
> > Hi,
> >
> > it seems that a huge pile of CVE were allocated for ffmpeg/libav
>
> short
Package: vlc
Severity: grave
Tags: security
Justification: user security hole
Please see http://openwall.com/lists/oss-security/2012/10/24/3
Cheers,
Moritz
___
pkg-multimedia-maintainers mailing list
pkg-multimedia-maintainers@lists.alioth.debi
On Mon, Nov 26, 2012 at 08:01:03PM +0100, Arne Wichmann wrote:
> I just had a look at the above mentioned problems and I am a bit unsure
> about their status. As far as I can see the fixes are not applied, the
> status in http://security-tracker.debian.org/tracker/source-package/libav
> still lists
Package: cantata
Severity: grave
Tags: security
Justification: user security hole
Hi,
the following was reported on oss-security:
https://code.google.com/p/cantata/issues/detail?id=356
Cheers,
Moritz
___
pkg-multimedia-maintainers mailing list
Hi,
On Sat, Sep 28, 2013 at 05:43:54PM +0200, Rémi Vanicat wrote:
> David Suárez writes:
>
> > Source: cmus
> > Version: 2.5.0-3
> > Severity: serious
> > Tags: jessie sid
> > User: debian...@lists.debian.org
> > Usertags: qa-ftbfs-20130922 qa-ftbfs
> > Justification: FTBFS on amd64
> >
> > Hi,
Package: alsa-plugins
Severity: important
Hi,
your package fails to build from source against libav 10 (currently
packaged in experimental). This bug will become release-critical
at some point when the libav10 transition starts.
Migration documentation can be found at
https://wiki.libav.org/Migra
Package: amide
Severity: important
Hi,
your package fails to build from source against libav 10 (currently
packaged in experimental). This bug will become release-critical
at some point when the libav10 transition starts.
Migration documentation can be found at
https://wiki.libav.org/Migration/10
Source: audacious-plugins
Severity: important
Hi,
your package fails to build from source against libav 10 (currently
packaged in experimental). This bug will become release-critical
at some point when the libav10 transition starts.
Migration documentation can be found at
https://wiki.libav.org/M
Source: bino
Severity: important
Hi,
your package fails to build from source against libav 10 (currently
packaged in experimental). This bug will become release-critical
at some point when the libav10 transition starts.
Migration documentation can be found at
https://wiki.libav.org/Migration/10
Package: dvbcut
Severity: important
Hi,
your package fails to build from source against libav 10 (currently
packaged in experimental). This bug will become release-critical
at some point when the libav10 transition starts.
Migration documentation can be found at
https://wiki.libav.org/Migration/1
Source: ffdiaporama
Severity: important
Hi,
your package fails to build from source against libav 10 (currently
packaged in experimental). This bug will become release-critical
at some point when the libav10 transition starts.
Migration documentation can be found at
https://wiki.libav.org/Migrati
Package: ffmpeg2theora
Severity: important
Hi,
your package fails to build from source against libav 10 (currently
packaged in experimental). This bug will become release-critical
at some point when the libav10 transition starts.
Migration documentation can be found at
https://wiki.libav.org/Migr
Source: blender
Severity: important
Hi,
your package fails to build from source against libav 10 (currently
packaged in experimental). This bug will become release-critical
at some point when the libav10 transition starts.
Migration documentation can be found at
https://wiki.libav.org/Migration/1
Package: forked-daapd
Severity: important
Hi,
your package fails to build from source against libav 10 (currently
packaged in experimental). This bug will become release-critical
at some point when the libav10 transition starts.
Migration documentation can be found at
https://wiki.libav.org/Migra
Source: freerdp
Severity: important
Hi,
your package fails to build from source against libav 10 (currently
packaged in experimental). This bug will become release-critical
at some point when the libav10 transition starts.
Migration documentation can be found at
https://wiki.libav.org/Migration/1
Package: fuse-emulator-utils
Severity: important
Hi,
your package fails to build from source against libav 10 (currently
packaged in experimental). This bug will become release-critical
at some point when the libav10 transition starts.
Migration documentation can be found at
https://wiki.libav.or
Source: cmus
Severity: important
Hi,
your package fails to build from source against libav 10 (currently
packaged in experimental). This bug will become release-critical
at some point when the libav10 transition starts.
Migration documentation can be found at
https://wiki.libav.org/Migration/10
Source: gmerlin-avdecoder
Severity: important
Hi,
your package fails to build from source against libav 10 (currently
packaged in experimental). This bug will become release-critical
at some point when the libav10 transition starts.
Migration documentation can be found at
https://wiki.libav.org/M
Source: gnash
Severity: important
Hi,
your package fails to build from source against libav 10 (currently
packaged in experimental). This bug will become release-critical
at some point when the libav10 transition starts.
Migration documentation can be found at
https://wiki.libav.org/Migration/10
Package: harvid
Severity: important
Hi,
your package fails to build from source against libav 10 (currently
packaged in experimental). This bug will become release-critical
at some point when the libav10 transition starts.
Migration documentation can be found at
https://wiki.libav.org/Migration/1
Source: k3b
Severity: important
Hi,
your package fails to build from source against libav 10 (currently
packaged in experimental). This bug will become release-critical
at some point when the libav10 transition starts.
Migration documentation can be found at
https://wiki.libav.org/Migration/10
C
Source: linphone
Severity: important
Hi,
your package fails to build from source against libav 10 (currently
packaged in experimental). This bug will become release-critical
at some point when the libav10 transition starts.
Migration documentation can be found at
https://wiki.libav.org/Migration/
Package: vice
Severity: important
Hi,
your package fails to build from source against libav 10 (currently
packaged in experimental). This bug will become release-critical
at some point when the libav10 transition starts.
Migration documentation can be found at
https://wiki.libav.org/Migration/10
Package: lynkeos.app
Severity: important
Hi,
your package fails to build from source against libav 10 (currently
packaged in experimental). This bug will become release-critical
at some point when the libav10 transition starts.
Migration documentation can be found at
https://wiki.libav.org/Migrat
Package: idjc
Severity: important
Hi,
your package fails to build from source against libav 10 (currently
packaged in experimental). This bug will become release-critical
at some point when the libav10 transition starts.
Migration documentation can be found at
https://wiki.libav.org/Migration/10
Source: gpac
Severity: important
Hi,
your package fails to build from source against libav 10 (currently
packaged in experimental). This bug will become release-critical
at some point when the libav10 transition starts.
Migration documentation can be found at
https://wiki.libav.org/Migration/10
Source: gst-libav1.0
Severity: important
Hi,
your package fails to build from source against libav 10 (currently
packaged in experimental). This bug will become release-critical
at some point when the libav10 transition starts.
Migration documentation can be found at
https://wiki.libav.org/Migrat
Package: guvcview
Severity: important
Hi,
your package fails to build from source against libav 10 (currently
packaged in experimental). This bug will become release-critical
at some point when the libav10 transition starts.
Migration documentation can be found at
https://wiki.libav.org/Migration
Source: libquicktime
Severity: important
Hi,
your package fails to build from source against libav 10 (currently
packaged in experimental). This bug will become release-critical
at some point when the libav10 transition starts.
Migration documentation can be found at
https://wiki.libav.org/Migrat
Package: silan
Severity: important
Hi,
your package fails to build from source against libav 10 (currently
packaged in experimental). This bug will become release-critical
at some point when the libav10 transition starts.
Migration documentation can be found at
https://wiki.libav.org/Migration/10
Source: lives
Severity: important
Hi,
your package fails to build from source against libav 10 (currently
packaged in experimental). This bug will become release-critical
at some point when the libav10 transition starts.
Migration documentation can be found at
https://wiki.libav.org/Migration/10
Source: lightspark
Severity: important
Hi,
your package fails to build from source against libav 10 (currently
packaged in experimental). This bug will become release-critical
at some point when the libav10 transition starts.
Migration documentation can be found at
https://wiki.libav.org/Migratio
Source: libphash
Severity: important
Hi,
your package fails to build from source against libav 10 (currently
packaged in experimental). This bug will become release-critical
at some point when the libav10 transition starts.
Migration documentation can be found at
https://wiki.libav.org/Migration/
Package: mplayer2
Version: 2.0-701-gd4c5b7f-2
Severity: important
Hi,
your package fails to build from source against libav 10 (currently
packaged in experimental). This bug will become release-critical
at some point when the libav10 transition starts.
Migration documentation can be found at
http
Package: shotdetect
Severity: important
Hi,
your package fails to build from source against libav 10 (currently
packaged in experimental). This bug will become release-critical
at some point when the libav10 transition starts.
Migration documentation can be found at
https://wiki.libav.org/Migrati
Package: yorick-av
Severity: important
Hi,
your package fails to build from source against libav 10 (currently
packaged in experimental). This bug will become release-critical
at some point when the libav10 transition starts.
Migration documentation can be found at
https://wiki.libav.org/Migratio
Source: qmmp
Severity: important
Hi,
your package fails to build from source against libav 10 (currently
packaged in experimental). This bug will become release-critical
at some point when the libav10 transition starts.
Migration documentation can be found at
https://wiki.libav.org/Migration/10
Source: gmerlin-encoders
Severity: important
Hi,
your package fails to build from source against libav 10 (currently
packaged in experimental). This bug will become release-critical
at some point when the libav10 transition starts.
Migration documentation can be found at
https://wiki.libav.org/Mi
Package: kino
Severity: important
Hi,
your package fails to build from source against libav 10 (currently
packaged in experimental). This bug will become release-critical
at some point when the libav10 transition starts.
Migration documentation can be found at
https://wiki.libav.org/Migration/10
Package: qutecom
Severity: important
Hi,
your package fails to build from source against libav 10 (currently
packaged in experimental). This bug will become release-critical
at some point when the libav10 transition starts.
Migration documentation can be found at
https://wiki.libav.org/Migration/
Source: transcode
Severity: important
Hi,
your package fails to build from source against libav 10 (currently
packaged in experimental). This bug will become release-critical
at some point when the libav10 transition starts.
Migration documentation can be found at
https://wiki.libav.org/Migration
Package: performous
Severity: important
Hi,
your package fails to build from source against libav 10 (currently
packaged in experimental). This bug will become release-critical
at some point when the libav10 transition starts.
Migration documentation can be found at
https://wiki.libav.org/Migrati
Package: xjadeo
Severity: important
Hi,
your package fails to build from source against libav 10 (currently
packaged in experimental). This bug will become release-critical
at some point when the libav10 transition starts.
Migration documentation can be found at
https://wiki.libav.org/Migration/1
Source: jitsi
Severity: important
Hi,
your package fails to build from source against libav 10 (currently
packaged in experimental). This bug will become release-critical
at some point when the libav10 transition starts.
Migration documentation can be found at
https://wiki.libav.org/Migration/10
Source: paraview
Severity: important
Hi,
your package fails to build from source against libav 10 (currently
packaged in experimental). This bug will become release-critical
at some point when the libav10 transition starts.
Migration documentation can be found at
https://wiki.libav.org/Migration/
Source: opencv
Severity: important
Hi,
your package fails to build from source against libav 10 (currently
packaged in experimental). This bug will become release-critical
at some point when the libav10 transition starts.
Migration documentation can be found at
https://wiki.libav.org/Migration/10
Source: strigi
Severity: important
Hi,
your package fails to build from source against libav 10 (currently
packaged in experimental). This bug will become release-critical
at some point when the libav10 transition starts.
Migration documentation can be found at
https://wiki.libav.org/Migration/10
Source: opal
Severity: important
Hi,
your package fails to build from source against libav 10 (currently
packaged in experimental). This bug will become release-critical
at some point when the libav10 transition starts.
Migration documentation can be found at
https://wiki.libav.org/Migration/10
Package: xine-lib
Severity: important
Hi,
your package fails to build from source against libav 10 (currently
packaged in experimental). This bug will become release-critical
at some point when the libav10 transition starts.
Migration documentation can be found at
https://wiki.libav.org/Migration
Source: wxsvg
Severity: important
Hi,
your package fails to build from source against libav 10 (currently
packaged in experimental). This bug will become release-critical
at some point when the libav10 transition starts.
Migration documentation can be found at
https://wiki.libav.org/Migration/10
Package: vtk6
Severity: important
Hi,
your package fails to build from source against libav 10 (currently
packaged in experimental). This bug will become release-critical
at some point when the libav10 transition starts.
Migration documentation can be found at
https://wiki.libav.org/Migration/10
Source: openscenegraph
Severity: important
Hi,
your package fails to build from source against libav 10 (currently
packaged in experimental). This bug will become release-critical
at some point when the libav10 transition starts.
Migration documentation can be found at
https://wiki.libav.org/Migr
Source: xine-lib-1.2
Severity: important
Hi,
your package fails to build from source against libav 10 (currently
packaged in experimental). This bug will become release-critical
at some point when the libav10 transition starts.
Migration documentation can be found at
https://wiki.libav.org/Migrat
Source: vxl
Severity: important
Hi,
your package fails to build from source against libav 10 (currently
packaged in experimental). This bug will become release-critical
at some point when the libav10 transition starts.
Migration documentation can be found at
https://wiki.libav.org/Migration/10
C
Package: zoneminder
Severity: important
Hi,
your package fails to build from source against libav 10 (currently
packaged in experimental). This bug will become release-critical
at some point when the libav10 transition starts.
Migration documentation can be found at
https://wiki.libav.org/Migrati
Package: vtk
Severity: important
Hi,
your package fails to build from source against libav 10 (currently
packaged in experimental). This bug will become release-critical
at some point when the libav10 transition starts.
Migration documentation can be found at
https://wiki.libav.org/Migration/10
retitle 732159 RM: mplayer - RoM - unmaintained, RC-buggy, alternatives exist
reassign 732159 ftp.debian.org
thanks
On Sun, Feb 16, 2014 at 12:16:59PM -0500, Reinhard Tartler wrote:
> >> > Should this package be removed? If so, please reassign to ftp.debian.org
> >> >
> >> > - Last upload nearly t
On Fri, Apr 25, 2014 at 04:41:36PM +0200, Sebastian Ramacher wrote:
> On 2014-04-25 16:40:28, Sebastian Ramacher wrote:
> > Hi Security Team,
> >
> > On 2014-04-20 11:59:23, Salvatore Bonaccorso wrote:
> > > Source: libmms
> > > Version: 0.6-1
> > > Severity: grave
> > > Tags: security upstream fi
Package: xbmc
Severity: important
Tags: security
Please see http://www.ocert.org/advisories/ocert-2015-006.html
Could you report this upstream?
IMO doesn't warrant an update for XBMC in stable.
Cheers,
Moritz
___
pkg-multimedia-maintainers mai
Source: libav
Severity: serious
It was decided to switch to ffmpeg for stretch and it's now in
testing.
Please remove libav from testing (or rather from unstable unless
someone wants to continue to maintain it in unstable/experimental
only)
Cheers,
Moritz
___
Package: devede
Severity: normal
libav-tools is now a transition package built from ffmpeg, so please
convert devede to use ffmpeg directly.
Cheers,
Moritz
___
pkg-multimedia-maintainers mailing list
pkg-multimedia-maintainers@lists.alioth.debi
On Wed, May 20, 2015 at 07:08:43PM +0200, Sebastian Ramacher wrote:
> Version: 3.0.0~alpha1-1
>
> Hi Sebastian
>
> On 2015-05-20 16:03:06, sl...@debian.org wrote:
> > Source: soundconverter
> > Severity: important
> > User: sl...@debian.org
> > Usertags: gstreamer0.10-removal
> >
> > Hi maintain
Package: audiofile
Severity: important
Tags: security
Please see http://www.openwall.com/lists/oss-security/2015/10/06/2
for details.
Cheers,
Moritz
___
pkg-multimedia-maintainers mailing list
pkg-multimedia-maintainers@lists.alioth.debian.org
> Five CVEs therefore remain without upstream patches in libav:
>
> https://security-tracker.debian.org/tracker/CVE-2014-8544
> https://security-tracker.debian.org/tracker/CVE-2014-8546
> https://security-tracker.debian.org/tracker/CVE-2014-9316
> https://security-tracker.debian.org/tracker/CVE-20
On Tue, Jan 20, 2015 at 09:47:26PM +0100, Yves-Alexis Perez wrote:
> Source: vlc
> Version: 2.1.5-1
> Severity: grave
> Tags: security
> Justification: user security hole
>
> Hi,
>
> multiple vulnerabilities were reported against vlc 2.1.5. The complete
> mail is at http://seclists.org/oss-sec/20
On Mon, Jan 26, 2015 at 05:33:30PM +0100, Sebastian Ramacher wrote:
> On 2015-01-26 13:49:26, Moritz Mühlenhoff wrote:
> > On Tue, Jan 20, 2015 at 09:47:26PM +0100, Yves-Alexis Perez wrote:
> > > * The potential invalid writes in modules/services_discovery/sap.c and
> > > modules/access/ftp.c wer
Package: das-watchdog
Severity: grave
Tags: security
Hi,
this has been assigned CVE-2015-2831:
http://www.openwall.com/lists/oss-security/2015/04/01/8
Cheers,
Moritz
___
pkg-multimedia-maintainers mailing list
pkg-multimedia-maintainers@lists.a
Package: mplayer
Version: 2:1.0~rc4.dfsg1+svn34540-1+b1
Severity: important
Tags: patch
svgalib is scheduled for removal from the archive. Please
disable the support. Patch attached.
Cheers,
Moritz
diff -aur mplayer-1.0~rc4.dfsg1+svn34540.orig/debian/control mplayer-1.0~rc4.dfsg1+svn34540
Package: vlc
Version: 2.0.7-1
Severity: important
Hi,
svgalib is scheduled for removal from the archive. vlc already
dropped support in 2.0.0-1. But the build dep on libsvga1-dev
is still present. Please remove it as well.
Cheers,
Moritz
___
pk
severity 717009 important
thanks
On Wed, Aug 14, 2013 at 11:08:46AM +0530, shirish शिरीष wrote:
> Hi all,
> With the planned transition of libav9 i.e. #706798 would the security
> holes be fixed as well ?
This is currently being worked out with upstream. Most are fixed by now
or only affect ffmpe
On Sun, Aug 25, 2013 at 01:50:21PM +0200, David Suárez wrote:
> Source: dvbcut
> Version: 0.5.4+svn178-2
> Severity: serious
> Tags: jessie sid
> User: debian...@lists.debian.org
> Usertags: qa-ftbfs-20130825 qa-ftbfs
> Justification: FTBFS on amd64
>
> Hi,
>
> During a rebuild of all packages in
On Sun, Aug 25, 2013 at 03:16:54PM +0200, David Suárez wrote:
> Source: lives
> Version: 2.0.5~ds0-1
> Severity: serious
> Tags: jessie sid
> User: debian...@lists.debian.org
> Usertags: qa-ftbfs-20130825 qa-ftbfs
> Justification: FTBFS on amd64
>
> Hi,
>
> During a rebuild of all packages in sid
On Sun, Aug 25, 2013 at 03:31:12PM +0200, David Suárez wrote:
> Source: transcode
> Version: 3:1.1.7-5
> Severity: serious
> Tags: jessie sid
> User: debian...@lists.debian.org
> Usertags: qa-ftbfs-20130825 qa-ftbfs
> Justification: FTBFS on amd64
>
> Hi,
>
> During a rebuild of all packages in s
1 - 100 of 115 matches
Mail list logo
