Your message dated Sat, 20 Oct 2012 11:00:09 +0000 with message-id <e1tpwmn-0005xh...@franck.debian.org> and subject line Bug#688847: fixed in libav 6:9~beta1-1 has caused the Debian Bug report #688847, regarding libav: multiple CVEs in ffmpeg/libav to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 688847: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=688847 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: libav Severity: grave Justification: user security hole Hi, it seems that a huge pile of CVE were allocated for ffmpeg/libav and are supposed to be fixed in 0.11: CVE-2012-2772 CVE-2012-2774 CVE-2012-2775 CVE-2012-2776 CVE-2012-2777 CVE-2012-2779 CVE-2012-2782 CVE-2012-2783 CVE-2012-2784 CVE-2012-2785 CVE-2012-2786 CVE-2012-2787 CVE-2012-2788 CVE-2012-2789 CVE-2012-2790 CVE-2012-2791 CVE-2012-2792 CVE-2012-2793 CVE-2012-2794 CVE-2012-2795 CVE-2012-2796 CVE-2012-2797 CVE-2012-2798 CVE-2012-2799 CVE-2012-2800 CVE-2012-2801 CVE-2012-2802 CVE-2012-2803 CVE-2012-2804 As far as I can tell you're already aware of that, but so it's just a tracking bug. Regards, -- Yves-Alexis -- System Information: Debian Release: wheezy/sid APT prefers unstable APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 3.2.0-4-grsec-amd64 (SMP w/4 CPU cores) Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash
--- End Message ---
--- Begin Message ---Source: libav Source-Version: 6:9~beta1-1 We believe that the bug you reported is fixed in the latest version of libav, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 688...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Reinhard Tartler <siret...@tauware.de> (supplier of updated libav package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Tue, 16 Oct 2012 18:38:46 +0200 Source: libav Binary: libav-tools libav-dbg libav-doc libavutil51 libavcodec54 libavdevice53 libavformat54 libavfilter3 libswscale2 libavutil-dev libavcodec-dev libavdevice-dev libavformat-dev libavfilter-dev libswscale-dev libavresample-dev libavresample0 libavutil-extra-51 libavcodec-extra-54 libavdevice-extra-53 libavfilter-extra-3 libavformat-extra-54 libswscale-extra-2 Architecture: source amd64 all Version: 6:9~beta1-1 Distribution: experimental Urgency: low Maintainer: Reinhard Tartler <siret...@debian.org> Changed-By: Reinhard Tartler <siret...@tauware.de> Description: libav-dbg - Debug symbols for Libav related packages libav-doc - Documentation of the Libav API libav-tools - Multimedia player, server, encoder and transcoder libavcodec-dev - Development files for libavcodec libavcodec-extra-54 - Libav codec library (additional codecs) libavcodec54 - Libav codec library libavdevice-dev - Development files for libavdevice libavdevice-extra-53 - Libav device handling library (transitional package) libavdevice53 - Libav device handling library libavfilter-dev - Development files for libavfilter libavfilter-extra-3 - Libav filter library (transitional package) libavfilter3 - Libav video filtering library libavformat-dev - Development files for libavformat libavformat-extra-54 - Libav file format library (transitional package) libavformat54 - Libav file format library libavresample-dev - Development files for libavresample libavresample0 - Libav audo resampling library libavutil-dev - Development files for libavutil libavutil-extra-51 - Libav utility library (transitional package) libavutil51 - Libav utility library libswscale-dev - Development files for libswscale libswscale-extra-2 - Libav video software scaling library (transitional package) libswscale2 - Libav video scaling library Closes: 671934 674139 679542 680602 681491 683895 688847 Changes: libav (6:9~beta1-1) experimental; urgency=low . [ Fabian Greffrath ] * Imported Upstream version 6:0.8.99-3213-gd16860a . [ Andres Mejia ] * Update libav-doc doc base. (Closes: #674139) . [ Fabian Greffrath ] * Use the cond_enable() macro for all additional features in debian/confflags. * Tidy up and sort configuration flags. * Add a debian/README.source file that describes how to rebuild libav with a reduced feature set in order to avoid circular build-dependencies for bootstrapping. * Restrict Build-Depends to "yasm [any-amd64 any-i386]" and explicitely disable it if not found. . [ Reinhard Tartler ] * add dependency on libavcodec54 to libav-dbg * add Pre-Depend on dpkg to libav-tools to ensure smooth updates * libav-tools.install: make files to install more explicit . [ Loïc Minier ] * Install the shared flavor last * control/Uploaders: update my email address . [ Reinhard Tartler ] * Declare a 'Breaks' relationship against mplayer, Closes: #671934 * Bug fix: "Multi-Arch: foreign libraries", thanks to Stepan Golosunov. * Remove Multi-arch header from the empty, transitional -extra- packages . [ Fabian Greffrath ] * Mention qt-faststart in the long description (Closes: #681491.) * Install all debug symbols into libav-dbg (Closes: #680602). * Do not run doxygen if it is not installed. * Fix up debian/changelog and get dependencies right accordingly. . [ Reinhard Tartler ] * Make libav-extra-dbg arch:all * Fix generation of shlibs file (Closes: #679542) . [ Fabian Greffrath ] * Also make libav-regular-dbg 'arch: all' for consistency with the other debug packages. * Fix generation of shlibs file not only for libavcodec*, but for all the other library packages as well. * Use xz compression for binary packages, thanks Ansgar Burchardt (Closes: #683895). . [ Reinhard Tartler ] * Drop the package libav-regular-dbg . [ Fabian Greffrath ] * Clarify relations between libavcodec54 and libavcodec-extra-54 in debian/control. . [ Reinhard Tartler ] * New Upstream version: 9 beta1 * remove compatibility links for ff* tools. * New release fixes all known CVE entries so far (Closes: #688847) * libav-dbg: avoid dependency on 'ffmpeg' package * remove package libav-extra-dbg * allow co-installation of libav-dbg with libavcodec-extra-54 * temporarily disable libopus support until #690563 is fixed Checksums-Sha1: 02eb8d48d2ca3babd44733c9f871f67151826b1c 3454 libav_9~beta1-1.dsc 31bcbd7e80c648d93bb4cb57bcc39f8392899b51 4077544 libav_9~beta1.orig.tar.xz 54a471f00e62c72de0a509feeed8cab48aa1ac1c 39574 libav_9~beta1-1.debian.tar.gz f510bad7b10b396f60bbcb15380a1a103c5912ac 3433906 libav-tools_9~beta1-1_amd64.deb 3fd5e8df2568493301a81fa1c9ac9620943299cc 33845570 libav-dbg_9~beta1-1_amd64.deb 0c09132e51f0208e58a1e3342865b9ab62056b97 13770020 libav-doc_9~beta1-1_all.deb 8786676071e1cc7b49f4cf5e7c3c4819a16abb61 98604 libavutil51_9~beta1-1_amd64.deb c7c241b62bd0f2fd42b0d1cac4f76dc08b935e60 2516728 libavcodec54_9~beta1-1_amd64.deb 562d232c95ee46fd472424a3a4a9bb5d6df27004 66366 libavdevice53_9~beta1-1_amd64.deb 9bc818b803a290ba12055abe1b17b175b0be4e0b 503604 libavformat54_9~beta1-1_amd64.deb ff009cd06ac08f99c99f5878a4edc9ab6c7e7a90 132220 libavfilter3_9~beta1-1_amd64.deb 5a4fd2bdfe34de167b2bc267e0717bb9b0ac8d40 115448 libswscale2_9~beta1-1_amd64.deb 9f9376129aaf0e57584e4cf36b60129f0265cd22 142916 libavutil-dev_9~beta1-1_amd64.deb e31be879ce55f55303215c8a497422cfbe795910 2775718 libavcodec-dev_9~beta1-1_amd64.deb 0f8151c3a88be643566e4179660a95dc606ca681 68416 libavdevice-dev_9~beta1-1_amd64.deb 7a13695cc124ef2e7f6322a3cefe4380df779272 591784 libavformat-dev_9~beta1-1_amd64.deb d7f3de1313f8449b7bd23cb0ed3fcce944e2d018 155556 libavfilter-dev_9~beta1-1_amd64.deb d259e809684ed1455508a4b43e2f4eccbe4f6979 126720 libswscale-dev_9~beta1-1_amd64.deb e4b127cb547d4fecaac61a2d040c156f93d07c84 76902 libavresample-dev_9~beta1-1_amd64.deb a85abfaf65a680284aec8ba479a8d4fcd433af9a 70492 libavresample0_9~beta1-1_amd64.deb cfebefeb5aa25b1fa50b1dbbb585d976efb72f72 41316 libavutil-extra-51_9~beta1-1_all.deb c2a70921f9f7d8654e9797261c58c18bc1a19f28 2520274 libavcodec-extra-54_9~beta1-1_amd64.deb 3fa8c21947b72e8e33323edf9243cdf62714a059 41316 libavdevice-extra-53_9~beta1-1_all.deb 29567053cf2dc90b69543e85fa829d3a680011d0 41314 libavfilter-extra-3_9~beta1-1_all.deb 7ae64c4a7cb9392ced7d32c83f8d46aa8bfcc8f1 41308 libavformat-extra-54_9~beta1-1_all.deb a8c2ccc7bb2b0a6293505008162028c5d9fc965e 41314 libswscale-extra-2_9~beta1-1_all.deb Checksums-Sha256: 41cbdd9b8810ef9f2dfee52aeb2d2f14e28f28fbffb82507f81dde156e62e7a7 3454 libav_9~beta1-1.dsc c0e2bdd31a470643fef955c24975d82563bc01ba753ea73a99931cb6f336dfff 4077544 libav_9~beta1.orig.tar.xz a1f61ef2cc2c62129e22a49d4933d05519c4db9af9370c09432ba19b82bee48f 39574 libav_9~beta1-1.debian.tar.gz f39e8561cff2f7cd8fde98b75543e98be689075b18a95367e1a4a36494671d4d 3433906 libav-tools_9~beta1-1_amd64.deb 74c1e795ff7b5727ab6a5ba1316e07ae1bb1c5acb25629b5caf5e2d9fe184b4a 33845570 libav-dbg_9~beta1-1_amd64.deb c7de4368d8b2d9ca40f4b397cbbae5b849ce531924da8db78ea1fd1a2e75af2f 13770020 libav-doc_9~beta1-1_all.deb a026ce916747a416a1cea19c5db8755d63d0db1f7cba7a4f1bd1ae4831c554c0 98604 libavutil51_9~beta1-1_amd64.deb f33b437a56bfc543cd1922a8f255fbf18e6f1f91ec94c36488662d735253fc3c 2516728 libavcodec54_9~beta1-1_amd64.deb d6b6e7dae9f14c925ff86f29eba78ebb719cc616c9435df398ab3815e2a8b423 66366 libavdevice53_9~beta1-1_amd64.deb 22cc54abb25244ce6c0070e1c954f49d73d3f1e09653520896fe8ab57ec6f2ad 503604 libavformat54_9~beta1-1_amd64.deb 3b27e6ca2fd0b15acc6f57292aca3dd2e1b674581ff05c4c0685bc2393c4374f 132220 libavfilter3_9~beta1-1_amd64.deb 26e996ec74fda2a797808719110dd8bda2526197b35ea190671122138680cd2a 115448 libswscale2_9~beta1-1_amd64.deb 7e71f97ce6212163ca119fda92e169a5e9a36e572eb0e90e4c804a74016e8d99 142916 libavutil-dev_9~beta1-1_amd64.deb 2cf9bb0114d78962c2f441ae2862c12c849367d23ae7d96af9f45b8645929b1d 2775718 libavcodec-dev_9~beta1-1_amd64.deb 94a6b232f464c67e21dae21563764590da593fcaa779e333dc8c2d5da2571438 68416 libavdevice-dev_9~beta1-1_amd64.deb 8748146ba25e73d70203031513d6ae1a9277488db943d7a6f2ea8b0b213c8a38 591784 libavformat-dev_9~beta1-1_amd64.deb 4d6941c5df24f1e6bb8d6aa061d48d71ca2cec4a790670474bfae741f98120ab 155556 libavfilter-dev_9~beta1-1_amd64.deb 99aabb4c4261e20044412f6ca84c50d6ca347c71b92bbe457dab14632066d984 126720 libswscale-dev_9~beta1-1_amd64.deb 465c5f098fb6abc584b483c6d4b6ec656555ed7cd47badcaf6728ce52805e089 76902 libavresample-dev_9~beta1-1_amd64.deb 9b8c2c9233ccb1643c1ec3bae1be0d9a5f57dd87cfaeed8590a392c1ec2a477d 70492 libavresample0_9~beta1-1_amd64.deb bcca391b56ffceace804024c27332dac0f5d0c3cc00d71aab2fec30d6d203a2b 41316 libavutil-extra-51_9~beta1-1_all.deb eebc4f6ed2534688662ee336c661b9810997bf78197a089ec7abe92223e40a24 2520274 libavcodec-extra-54_9~beta1-1_amd64.deb 36e89c483e74b953ccd481635865453c9b421d4d432fcc5224a42a5c8c7dba7e 41316 libavdevice-extra-53_9~beta1-1_all.deb 3b858755ae13ec8886b39d7922a7b790f90354fe542da049edd61f0b3e9de85d 41314 libavfilter-extra-3_9~beta1-1_all.deb 5322c041eb117b55fe968facaf59f7bc49c100a4fbea2a132b8ec5f7cfa94f38 41308 libavformat-extra-54_9~beta1-1_all.deb 29643c54fb3032fe6ad0f48f3304e73b7ac112016960b5641c49cdf4b93c8912 41314 libswscale-extra-2_9~beta1-1_all.deb Files: c8e8e7f311442662f59f4f5b01c0b3c5 3454 libs optional libav_9~beta1-1.dsc ab5175c01285320af771474c37307960 4077544 libs optional libav_9~beta1.orig.tar.xz 52ae229c9684feadf355d58c58dc3b3f 39574 libs optional libav_9~beta1-1.debian.tar.gz 3846a76732e1808b4f76f8f88381c456 3433906 video optional libav-tools_9~beta1-1_amd64.deb 0b6c5feccd42f79ba155cdf43849c20e 33845570 debug extra libav-dbg_9~beta1-1_amd64.deb 48645f1736a4d3fb0a8c63c9b091df04 13770020 doc optional libav-doc_9~beta1-1_all.deb 0a324842a93e412fc92df57207e5a267 98604 libs optional libavutil51_9~beta1-1_amd64.deb 2719c3d3fe151cbfa2b52fc11b98605c 2516728 libs optional libavcodec54_9~beta1-1_amd64.deb 91b94daf903c13b09b98ae931e2736bd 66366 libs optional libavdevice53_9~beta1-1_amd64.deb e709def1dd908e9fa8e47470f2d3e386 503604 libs optional libavformat54_9~beta1-1_amd64.deb 42b0fdd25b64dcd7af9a36f370919858 132220 libs optional libavfilter3_9~beta1-1_amd64.deb 0f64125db2068204e77bad4fb6720e69 115448 libs optional libswscale2_9~beta1-1_amd64.deb 240ff00c575afca3a014ad7d5c0e9f97 142916 libdevel optional libavutil-dev_9~beta1-1_amd64.deb ed7bf87763246d9e620666312ca80ed9 2775718 libdevel optional libavcodec-dev_9~beta1-1_amd64.deb 3f3de548dd464210d794d72376a37fdd 68416 libdevel optional libavdevice-dev_9~beta1-1_amd64.deb fb232d60bf0f13350cb629afb79bfaca 591784 libdevel optional libavformat-dev_9~beta1-1_amd64.deb f91ecb74ca62eabcb0a94151b2ea8557 155556 libdevel optional libavfilter-dev_9~beta1-1_amd64.deb ae00451eb5de259f81d6b8b771362623 126720 libdevel optional libswscale-dev_9~beta1-1_amd64.deb 7e625c9bef187b86202bae708ccb677f 76902 libdevel optional libavresample-dev_9~beta1-1_amd64.deb 5ddaa7f195f3e138b3858e34a4c63611 70492 libs optional libavresample0_9~beta1-1_amd64.deb 4b1271217cc3d7313f8ec20b62f34929 41316 oldlibs extra libavutil-extra-51_9~beta1-1_all.deb 0a116446e44240887c987bf268d2a6a8 2520274 libs optional libavcodec-extra-54_9~beta1-1_amd64.deb c2e1af85c7f04ab15728ba20e63d8994 41316 oldlibs extra libavdevice-extra-53_9~beta1-1_all.deb 7ac02abc7413e16616dd45a69eab83d3 41314 oldlibs extra libavfilter-extra-3_9~beta1-1_all.deb 9b7d019ae2067aee5299d0c4e766a3eb 41308 oldlibs extra libavformat-extra-54_9~beta1-1_all.deb 31593bea5b95fbb0a1e6e6ce12757867 41314 oldlibs extra libswscale-extra-2_9~beta1-1_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.17 (GNU/Linux) Comment: Debian Powered! iEYEARECAAYFAlB9pvYACgkQmAg1RJRTSKQ7swCfXC9B9VGoxjVgSRakyPUHHJFP QCgAn2L6hjY64TL/7lgTD7pGIpCtRHhT =NqVx -----END PGP SIGNATURE-----
--- End Message ---
