Bug#624339: marked as done (Memory corruption in AMV decoder)

[Debian Bug Tracking System]

Your message dated Sat, 30 Apr 2011 11:32:47 +0000
with message-id <e1qg8pn-0001kn...@franck.debian.org>
and subject line Bug#624339: fixed in libav 4:0.6.2-3
has caused the Debian Bug report #624339,
regarding Memory corruption in AMV decoder
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
624339: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=624339
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: libav
Severity: grave
Tags: security

The following was reported to Bugtraq:
http://seclists.org/bugtraq/2011/Apr/257 (No CVE yet)

The ffmpeg commit 
http://git.videolan.org/?p=ffmpeg.git;a=commit;h=89f903b3d5ec38c9c5d90fba7e626fa0eda61a32

isn't yet in libav git. Reinhard, can you pull the strings to get
it merged? (IIRC you're involved in libav)

(As for ffmpeg/squeeze and ffmpeg/lenny, I'm unsure about the status,
since there's already a pending (ticket update owned by Guiseppe))

Cheers,
        Moritz

-- System Information:
Debian Release: 5.0.1
Architecture: amd64 (x86_64)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.32-ucs37-amd64
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)

--- End Message ---

--- Begin Message ---

Source: libav
Source-Version: 4:0.6.2-3

We believe that the bug you reported is fixed in the latest version of
libav, which is due to be installed in the Debian FTP archive:

ffmpeg-dbg_0.6.2-3_i386.deb
  to main/liba/libav/ffmpeg-dbg_0.6.2-3_i386.deb
ffmpeg-doc_0.6.2-3_all.deb
  to main/liba/libav/ffmpeg-doc_0.6.2-3_all.deb
ffmpeg_0.6.2-3_i386.deb
  to main/liba/libav/ffmpeg_0.6.2-3_i386.deb
libav-dbg_0.6.2-3_i386.deb
  to main/liba/libav/libav-dbg_0.6.2-3_i386.deb
libav-doc_0.6.2-3_all.deb
  to main/liba/libav/libav-doc_0.6.2-3_all.deb
libav-source_0.6.2-3_all.deb
  to main/liba/libav/libav-source_0.6.2-3_all.deb
libav_0.6.2-3.diff.gz
  to main/liba/libav/libav_0.6.2-3.diff.gz
libav_0.6.2-3.dsc
  to main/liba/libav/libav_0.6.2-3.dsc
libavcodec-dev_0.6.2-3_i386.deb
  to main/liba/libav/libavcodec-dev_0.6.2-3_i386.deb
libavcodec52_0.6.2-3_i386.deb
  to main/liba/libav/libavcodec52_0.6.2-3_i386.deb
libavdevice-dev_0.6.2-3_i386.deb
  to main/liba/libav/libavdevice-dev_0.6.2-3_i386.deb
libavdevice52_0.6.2-3_i386.deb
  to main/liba/libav/libavdevice52_0.6.2-3_i386.deb
libavfilter-dev_0.6.2-3_i386.deb
  to main/liba/libav/libavfilter-dev_0.6.2-3_i386.deb
libavfilter1_0.6.2-3_i386.deb
  to main/liba/libav/libavfilter1_0.6.2-3_i386.deb
libavformat-dev_0.6.2-3_i386.deb
  to main/liba/libav/libavformat-dev_0.6.2-3_i386.deb
libavformat52_0.6.2-3_i386.deb
  to main/liba/libav/libavformat52_0.6.2-3_i386.deb
libavutil-dev_0.6.2-3_i386.deb
  to main/liba/libav/libavutil-dev_0.6.2-3_i386.deb
libavutil50_0.6.2-3_i386.deb
  to main/liba/libav/libavutil50_0.6.2-3_i386.deb
libpostproc-dev_0.6.2-3_i386.deb
  to main/liba/libav/libpostproc-dev_0.6.2-3_i386.deb
libpostproc51_0.6.2-3_i386.deb
  to main/liba/libav/libpostproc51_0.6.2-3_i386.deb
libswscale-dev_0.6.2-3_i386.deb
  to main/liba/libav/libswscale-dev_0.6.2-3_i386.deb
libswscale0_0.6.2-3_i386.deb
  to main/liba/libav/libswscale0_0.6.2-3_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 624...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Reinhard Tartler <siret...@tauware.de> (supplier of updated libav package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sat, 30 Apr 2011 11:56:03 +0200
Source: libav
Binary: ffmpeg ffmpeg-dbg libav-dbg libav-source ffmpeg-doc libav-doc 
libavutil50 libavcodec52 libavdevice52 libavformat52 libavfilter1 libpostproc51 
libswscale0 libavutil-dev libavcodec-dev libavdevice-dev libavformat-dev 
libavfilter-dev libpostproc-dev libswscale-dev
Architecture: source i386 all
Version: 4:0.6.2-3
Distribution: unstable
Urgency: high
Maintainer: Debian multimedia packages maintainers 
<pkg-multimedia-maintain...@lists.alioth.debian.org>
Changed-By: Reinhard Tartler <siret...@tauware.de>
Description: 
 ffmpeg     - Multimedia player, server, encoder and transcoder
 ffmpeg-dbg - Debug symbols for Libav related packages
 ffmpeg-doc - Documentation of the Libav API (transitional package)
 libav-dbg  - Debug symbols for Libav related packages
 libav-doc  - Documentation of the Libav API
 libav-source - Patched Libav sources
 libavcodec-dev - Development files for libavcodec
 libavcodec52 - Libav codec library
 libavdevice-dev - Development files for libavdevice
 libavdevice52 - Libav device handling library
 libavfilter-dev - Development files for libavfilter
 libavfilter1 - Libav video filtering library
 libavformat-dev - Development files for libavformat
 libavformat52 - Libav file format library
 libavutil-dev - Development files for libavutil
 libavutil50 - Libav utility library
 libpostproc-dev - Development files for libpostproc
 libpostproc51 - Libav video postprocessing library
 libswscale-dev - Development files for libswscale
 libswscale0 - Libav video scaling library
Closes: 624339
Changes: 
 libav (4:0.6.2-3) unstable; urgency=high
 .
   [ Reinhard Tartler ]
   * syncronize configuration flags with Ubuntu
   * exclude more cruft from libav-source tarball
   * reenable AAC codec on ia64
   * compile with "-marm -fPIC -DPIC" on armel
 .
   [ Fabian Greffrath ]
   * Add libjack-dev to Build-Depends.
 .
   [ Reinhard Tartler ]
   * update upstream site to libav
   * disable warning about library configuration mismatch
   * relax dependencies of transitional package ffmpeg-dbg
   * severity set to high because of added security patches:
     - fix possibly expoitable bug in AMV decoder, Closes: #624339
     - fix misdetected fps in mkv and mp4 files
     - fix races in default av_log handler
Checksums-Sha1: 
 b52c0d32ef34710007d5bfee60cc0ffeaa973343 2334 libav_0.6.2-3.dsc
 20f4a2e86865f0778232dedbb60ea76c9c67cf6b 38121 libav_0.6.2-3.diff.gz
 0b02e56a3eafe84ee9f3c6a64bed59263d9cec66 272664 ffmpeg_0.6.2-3_i386.deb
 3c04ba6a2a47705b3c88a698da771b34ce676a31 39614 ffmpeg-dbg_0.6.2-3_i386.deb
 497abc964bd8ff24584cc8a1dd333fffb1e870e4 14910944 libav-dbg_0.6.2-3_i386.deb
 7652e682fa61b41536f6b77d5e4bc0a861dbd3ef 25516568 libav-source_0.6.2-3_all.deb
 a87ed5ea47d4213292efa3651ace5f56c7fae118 39580 ffmpeg-doc_0.6.2-3_all.deb
 b8863c8d15888b5d0a256aa73dc22eb1e6b20ee2 17508808 libav-doc_0.6.2-3_all.deb
 875baaa913136750bf8dfde17c6bcf47e5ac9cbb 106086 libavutil50_0.6.2-3_i386.deb
 53a0d574330aa0d218b5c364025cad65cf762865 4516128 libavcodec52_0.6.2-3_i386.deb
 290738b2f640777fc4f37c28ca3bdfa038a09d46 75898 libavdevice52_0.6.2-3_i386.deb
 b47445e9608a7195e245116e8a5eccfc0d4bd2ed 840206 libavformat52_0.6.2-3_i386.deb
 c66449f017d45e698f14612479cc0ba4681b4c50 79338 libavfilter1_0.6.2-3_i386.deb
 359fbfcb082cca1207a5ef97be3c5bca296968f3 156922 libpostproc51_0.6.2-3_i386.deb
 5bbae55b5204d4514e53db0e8d4d4a67d96fb3f2 237112 libswscale0_0.6.2-3_i386.deb
 5186dd7fcbeb25b4692485956ed3eae881feb46d 91056 libavutil-dev_0.6.2-3_i386.deb
 1d1f316ac505e5854a5583ea8392150b1909261a 2557004 
libavcodec-dev_0.6.2-3_i386.deb
 1850df12392358b2ad22cc15e8a99ebc923afcf1 58864 libavdevice-dev_0.6.2-3_i386.deb
 afa434bc0e92daa6faca288f3adc4d498cc501ad 532218 
libavformat-dev_0.6.2-3_i386.deb
 94a3ebf6a8fe6d7d644391cb9e24deeac55c86ec 70056 libavfilter-dev_0.6.2-3_i386.deb
 53b276d9cb7dc75e109d3be30720cd9bfc9b17b9 100380 
libpostproc-dev_0.6.2-3_i386.deb
 8d4aadb4c44a841a49183d1f35a9752bbf3afe27 150900 libswscale-dev_0.6.2-3_i386.deb
Checksums-Sha256: 
 7174329eb1be977f7a274dd101469b96e7c14ffb8f0c0d682bf54fe85b121de5 2334 
libav_0.6.2-3.dsc
 b85c4b232352604a37bb5439c7d1e4813d3442fcacbd099b7e8fc4860ea8ef48 38121 
libav_0.6.2-3.diff.gz
 9385cb5a1631b227edec7a21f3f8672721da8d54f1f552e799519b49c4bf1a38 272664 
ffmpeg_0.6.2-3_i386.deb
 4a17971d303bf993f66cab5ff4d2ed7c98a7b5cc53c3157b6d3d2ac6053da227 39614 
ffmpeg-dbg_0.6.2-3_i386.deb
 f26edea79cb6a70208944ba21efb2264a91ad12dde9198c5cc244792b95927bc 14910944 
libav-dbg_0.6.2-3_i386.deb
 96295e647f1a25a3637793f240c2d80b5f267aa40c328d852a8001d73152d974 25516568 
libav-source_0.6.2-3_all.deb
 f7ecfb5272ea62697e5aef1cc2b778c5a10b4723afe5dc645a5758bdf0926c59 39580 
ffmpeg-doc_0.6.2-3_all.deb
 123268253f1d3da2725f9a6dffd299c9b09552a25d4dcb3a6cb1c0c3da69336e 17508808 
libav-doc_0.6.2-3_all.deb
 4bc52b0f97c8d028564a8b930e0814e322faa370179a68aa3c9e5c60bc9538eb 106086 
libavutil50_0.6.2-3_i386.deb
 eada8bdfad61a58455c8f8f9a2e37bede53d93734daafac7c6ad5bc0732d081f 4516128 
libavcodec52_0.6.2-3_i386.deb
 0ea4464d1e8a78f958bdfc45c5fb7d55c1f63b4dcbfb0d7047a4ce3ddc978d55 75898 
libavdevice52_0.6.2-3_i386.deb
 f6c76d05581434fc32f7977ea2035da1c14e0c997796ce2cf4f35d8b56c24938 840206 
libavformat52_0.6.2-3_i386.deb
 9a8badeddb649bf6a64b8eba78e1f7ded703ae38d2dc2a3b1e15dca2bb0551ba 79338 
libavfilter1_0.6.2-3_i386.deb
 e70df480c386cdcceeaa1bbb8e078a596245dd29f6feeced6903daa9f0b560c2 156922 
libpostproc51_0.6.2-3_i386.deb
 1d961faf8dede147fe5e8f828cb493c83a4c2a228138750996bd7907ab0a52b0 237112 
libswscale0_0.6.2-3_i386.deb
 c3abb50b7ecd1d74dbb57870da8744999f12f87bfa0c420585e56102c13c41ea 91056 
libavutil-dev_0.6.2-3_i386.deb
 e4272f833ca42aee67865dd8d79ad7e8ab77bb1a1934fb49ba127c04dd038590 2557004 
libavcodec-dev_0.6.2-3_i386.deb
 ef1bf33b9a3e5d62c3ffb89a077ff062b7848ed2a856d152e4a01445af8cc937 58864 
libavdevice-dev_0.6.2-3_i386.deb
 538d1937fea73ce8280b0bf3a0e7e117d76ca778c58f1af21655164beae56948 532218 
libavformat-dev_0.6.2-3_i386.deb
 1c981de9dc2ba84a97e108309937d7cec1b46861972135e7adb76a384fec22fa 70056 
libavfilter-dev_0.6.2-3_i386.deb
 ebdf6a5f7a0ce3e2d312fdbce5740686e35cfc75e532d523821da10c8193d6b3 100380 
libpostproc-dev_0.6.2-3_i386.deb
 94ea34d9e5c1925d86b8a79ae95cc3efb2ba3c1b97e19bbfa026dd19ba48e608 150900 
libswscale-dev_0.6.2-3_i386.deb
Files: 
 d6312e41afcaf78697697b19b3df1d98 2334 libs optional libav_0.6.2-3.dsc
 ba7cee6b525162c5dc5ce08e3293edfa 38121 libs optional libav_0.6.2-3.diff.gz
 c1dcf65d97833367ce4479f473ae1928 272664 video optional ffmpeg_0.6.2-3_i386.deb
 ed0f6ed0585a6e778c36e183ff1c9f0d 39614 debug extra ffmpeg-dbg_0.6.2-3_i386.deb
 39d5b2c7fd773c15e0d98cb2cb67f830 14910944 debug extra 
libav-dbg_0.6.2-3_i386.deb
 8f73869408cba12972def02015f04986 25516568 devel optional 
libav-source_0.6.2-3_all.deb
 2211afa1a1ee39c8950b4cc9f50cf373 39580 doc optional ffmpeg-doc_0.6.2-3_all.deb
 64f1840f2e84438dd640e9aae90fbb6f 17508808 doc optional 
libav-doc_0.6.2-3_all.deb
 aad457235d077814e65988f4480ff618 106086 libs optional 
libavutil50_0.6.2-3_i386.deb
 89accf9bf535630c334709ba7ae0f6e5 4516128 libs optional 
libavcodec52_0.6.2-3_i386.deb
 0e71a828e713879f480ddec9450805bf 75898 libs optional 
libavdevice52_0.6.2-3_i386.deb
 4fab9d3a54e7ab524fcdf759dd0f7844 840206 libs optional 
libavformat52_0.6.2-3_i386.deb
 b62b4dbfe6e713f29ca612a1a81f0068 79338 libs optional 
libavfilter1_0.6.2-3_i386.deb
 2185c0ee839b3ca81e32174fe20722fd 156922 libs optional 
libpostproc51_0.6.2-3_i386.deb
 125d2c797359934d8cd775e29f36886d 237112 libs optional 
libswscale0_0.6.2-3_i386.deb
 b594fea4516addd17a6e578a576e0e3d 91056 libdevel optional 
libavutil-dev_0.6.2-3_i386.deb
 71d8d52eb37b53c23a5aa77caeb46840 2557004 libdevel optional 
libavcodec-dev_0.6.2-3_i386.deb
 8872c75c8d8b5ce364c9ce7a050f0830 58864 libdevel optional 
libavdevice-dev_0.6.2-3_i386.deb
 0ce67d4472f34dd0670c7fa7ab622c18 532218 libdevel optional 
libavformat-dev_0.6.2-3_i386.deb
 7108a5d9369d642a673046f01518ab94 70056 libdevel optional 
libavfilter-dev_0.6.2-3_i386.deb
 fc2c1c382f790228a44a031407f5afa2 100380 libdevel optional 
libpostproc-dev_0.6.2-3_i386.deb
 6b616e731b5eacc11aea81889da44ff1 150900 libdevel optional 
libswscale-dev_0.6.2-3_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Debian Powered!

iEYEARECAAYFAk278cgACgkQmAg1RJRTSKRQwQCfbIZJuOKibSzZBDLUB6HApvf1
b9IAnAjXFaDJf9/j9KFFeojrnbSBE/Oy
=OmgF
-----END PGP SIGNATURE-----

--- End Message ---