Package: libav
Version: 4:0.7.3-2
Severity: serious
Tags: security

Hi,

the following CVE (Common Vulnerabilities & Exposures) ids were published for libav.

CVE-2011-3892[0]:
| Double free vulnerability in the Theora decoder in Google Chrome
| before 15.0.874.120 allows remote attackers to cause a denial of
| service or possibly have unspecified other impact via a crafted
| stream.

CVE-2011-3893[1]:
| Google Chrome before 15.0.874.120 does not properly implement the MKV
| and Vorbis media handlers, which allows remote attackers to cause a
| denial of service (out-of-bounds read) via unspecified vectors.

CVE-2011-3895[2]:
| Heap-based buffer overflow in the Vorbis decoder in Google Chrome
| before 15.0.874.120 allows remote attackers to cause a denial of
| service or possibly have unspecified other impact via a crafted
| stream.

If you fix the vulnerabilities, please also make sure to include the CVE ids in your changelog entry.

These issues also very likely affect ffmpeg in squeeze and before, but I haven't checked that.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3892
    http://security-tracker.debian.org/tracker/CVE-2011-3892
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3893
    http://security-tracker.debian.org/tracker/CVE-2011-3893
[2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3895
    http://security-tracker.debian.org/tracker/CVE-2011-3895