package: ffmpeg version: 0.svn20080206-18 severity: serious tags: security hi, i have just tested the latest ffmpeg update against the original proof of concepts [0] reported in bug #550442 [1]. many of them are still effective. there is some good news though; i've found that upstream has addressed all of the problems in their latest svn version. attached are my findings.
reference [2] may be useful to track down the other needed patches; or it may be easier to just upgrade to a new svn (however, the patches still need to be determined for stable). mike [0] http://roundup.ffmpeg.org/roundup/ffmpeg/issue1240 [1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=550442 [2] http://thread.gmane.org/gmane.comp.video.ffmpeg.devel/97154
ffmpeg
Description: Binary data
