Your message dated Tue, 23 Oct 2012 07:03:00 +0000 with message-id <e1tqyvw-0005kf...@franck.debian.org> and subject line Bug#688847: fixed in libav 6:0.8.4-1 has caused the Debian Bug report #688847, regarding libav: multiple CVEs in ffmpeg/libav to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 688847: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=688847 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: libav Severity: grave Justification: user security hole Hi, it seems that a huge pile of CVE were allocated for ffmpeg/libav and are supposed to be fixed in 0.11: CVE-2012-2772 CVE-2012-2774 CVE-2012-2775 CVE-2012-2776 CVE-2012-2777 CVE-2012-2779 CVE-2012-2782 CVE-2012-2783 CVE-2012-2784 CVE-2012-2785 CVE-2012-2786 CVE-2012-2787 CVE-2012-2788 CVE-2012-2789 CVE-2012-2790 CVE-2012-2791 CVE-2012-2792 CVE-2012-2793 CVE-2012-2794 CVE-2012-2795 CVE-2012-2796 CVE-2012-2797 CVE-2012-2798 CVE-2012-2799 CVE-2012-2800 CVE-2012-2801 CVE-2012-2802 CVE-2012-2803 CVE-2012-2804 As far as I can tell you're already aware of that, but so it's just a tracking bug. Regards, -- Yves-Alexis -- System Information: Debian Release: wheezy/sid APT prefers unstable APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 3.2.0-4-grsec-amd64 (SMP w/4 CPU cores) Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash
--- End Message ---
--- Begin Message ---Source: libav Source-Version: 6:0.8.4-1 We believe that the bug you reported is fixed in the latest version of libav, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 688...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Reinhard Tartler <siret...@tauware.de> (supplier of updated libav package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Mon, 22 Oct 2012 20:57:08 +0200 Source: libav Binary: libav-tools ffmpeg ffmpeg-dbg libav-dbg libav-extra-dbg ffmpeg-doc libav-doc libavutil51 libavcodec53 libavdevice53 libavformat53 libavfilter2 libpostproc52 libswscale2 libavutil-dev libavcodec-dev libavdevice-dev libavformat-dev libavfilter-dev libpostproc-dev libswscale-dev libavutil-extra-51 libavcodec-extra-53 libavdevice-extra-53 libavfilter-extra-2 libpostproc-extra-52 libavformat-extra-53 libswscale-extra-2 Architecture: all amd64 source Version: 6:0.8.4-1 Distribution: unstable Urgency: low Maintainer: Reinhard Tartler <siret...@debian.org> Changed-By: Reinhard Tartler <siret...@tauware.de> Closes: 688847 690726 Description: ffmpeg-dbg - Debug symbols for Libav related packages (transitional package) ffmpeg-doc - Documentation of the Libav API (transitional package) ffmpeg - Multimedia player, server, encoder and transcoder (transitional p libavcodec53 - Libav codec library libavcodec-dev - Development files for libavcodec libavcodec-extra-53 - Libav codec library (additional codecs) libav-dbg - Debug symbols for Libav related packages libavdevice53 - Libav device handling library libavdevice-dev - Development files for libavdevice libavdevice-extra-53 - Libav device handling library (transitional package) libav-doc - Documentation of the Libav API libav-extra-dbg - Debug symbols for Libav related packages (transitional package) libavfilter2 - Libav video filtering library libavfilter-dev - Development files for libavfilter libavfilter-extra-2 - Libav filter library (transitional package) libavformat53 - Libav file format library libavformat-dev - Development files for libavformat libavformat-extra-53 - Libav video postprocessing library (transitional package) libav-tools - Multimedia player, server, encoder and transcoder libavutil51 - Libav utility library libavutil-dev - Development files for libavutil libavutil-extra-51 - Libav utility library (transitional package) libpostproc52 - Libav video postprocessing library libpostproc-dev - Development files for libpostproc libpostproc-extra-52 - Libav video postprocessing library (transitional package) libswscale2 - Libav video scaling library libswscale-dev - Development files for libswscale libswscale-extra-2 - Libav video software scaling library (transitional package) Changes: libav (6:0.8.4-1) unstable; urgency=low . * New upstream security/bugfix release. New release fixes: (bug numbers reference http://bugzilla.libav.org, Closes: #688847) - h264 (Bug 118), vc1dec (CVE-2012-2796), sipr, bmpdec (bug 367), alsdec (CVE-2012-2775), rv34/rv40 (CVE-2012-2772), indeo3/indeo4 (CVE-2012-2776, CVE-2012-2779, CVE-2012-2787, CVE-2012-2794, CVE-2012-2800), vorbisenc, vorbisdec (Bug 277), snow, ac3dec (CVE-2012-2802), avsdec (CVE-2012-2801), dfa (CVE-2012-2786, CVE-2012-2798), lagrith (CVE-2012-2793), wmaprodec (CVE-2012-2789 & Bug 327), avidec (CVE-2012-2788, CVE-2012-2790), cavsdec (CVE-2012-2777, CVE-2012-2784), wav (Bug 379), yuff4mpeg (Bug 373), mpegaudio, tiffenc, smacker (Bug 265). - smaller bug fixes in avconv (Bug 352) - fix lt() and lte() in function evaluator - fix segfault in avformat_open_input() - fix segfault in golomb decoder (bug 310) - fix segfault (double free) in libavfilter - convert dfa decoder to bytestream2 API to protect from overreads - bugfix in vf_pad/scale filter (Bug 203 & 245) - lavc: remove stats_out and stats_in from the options table. (Bug 380, Closes: #690726) * Drop patches applied upstream. Checksums-Sha1: 7c682b1fc8721b261253e2efac496f1af0ca284d 367602 libav-tools_0.8.4-1_amd64.deb 04ca39cef422e3e641bdb4402b9f61e44d1b6a4a 137502 ffmpeg_0.8.4-1_amd64.deb 9d2e302962517c1e85889e4f969896feede14d47 42624 ffmpeg-dbg_0.8.4-1_all.deb 977d0e5506330d900de0c7c026ac6408c12ebf8b 21699776 libav-dbg_0.8.4-1_amd64.deb 8f4490d4ac6f9ebe1402c02d5cd2bb689ceaedf0 42620 libav-extra-dbg_0.8.4-1_all.deb f68863213765043640746714eadaa05837caf47d 42688 ffmpeg-doc_0.8.4-1_all.deb 3af87de8a67dbd04c8e879328cbf61749b7e7836 12442554 libav-doc_0.8.4-1_all.deb 2e5e6a55c77169ee992c0449bc7ef53d2194e3fd 92080 libavutil51_0.8.4-1_amd64.deb bbda12b4fa30324530bd97b7fa4c54813ab7b65e 2501034 libavcodec53_0.8.4-1_amd64.deb 1442e31ccce5a22ce2eed2a35de0f9970ead934d 67850 libavdevice53_0.8.4-1_amd64.deb acb0512bf969ee002ff736c166cb504c7bcd8352 463386 libavformat53_0.8.4-1_amd64.deb c69f93886808041d97003c5f7343d5188089a54f 114132 libavfilter2_0.8.4-1_amd64.deb 6d69d58dfeba27fad74f6eaea1774f88d8f396e7 88136 libpostproc52_0.8.4-1_amd64.deb 525c9445c47e5c31ddcabc0c44e5e4581e840a9d 120000 libswscale2_0.8.4-1_amd64.deb ff7fbf7d84ece33d7e338f405d69b8a8b1f7b2fa 131966 libavutil-dev_0.8.4-1_amd64.deb a874f99124a8194fb4385caecb016334ba6ab9dd 2745882 libavcodec-dev_0.8.4-1_amd64.deb d946430d91f70ad863b4b0cf9eb43a809ac7c30f 69654 libavdevice-dev_0.8.4-1_amd64.deb c57da72b08d7927bc4e2dccb486dd7faf5ff8229 549582 libavformat-dev_0.8.4-1_amd64.deb 4fe6bd37edc0b5277d167822265a767d7fa15c0d 133566 libavfilter-dev_0.8.4-1_amd64.deb c3c3bd127cc51ff19989cdb76b4c12692c06e00f 88316 libpostproc-dev_0.8.4-1_amd64.deb 1375f38a26cb99d32a8bb4e3581a9e13a8c580d2 130392 libswscale-dev_0.8.4-1_amd64.deb 10dcde6b03b86d9c03cdfb0d838c2256f6eeae4a 42654 libavutil-extra-51_0.8.4-1_all.deb 9c718dcaeb675c243b0b414f21e42f33224c9e8a 2504614 libavcodec-extra-53_0.8.4-1_amd64.deb 48393bead6cb332b78b55dba70f8a25bab60f2f1 42658 libavdevice-extra-53_0.8.4-1_all.deb a20c4ac54e67582ffd478c040fddd5c22ee36a9a 42654 libavfilter-extra-2_0.8.4-1_all.deb d124b73c8cda534ed93867fbff8fa818b54cefcc 42672 libpostproc-extra-52_0.8.4-1_all.deb 71f934f0656d616a0c17f95b442a1ad2d4f42296 42660 libavformat-extra-53_0.8.4-1_all.deb ae152eb690f7f9ba053475ecab9cd651f2994826 42660 libswscale-extra-2_0.8.4-1_all.deb 0079f7b70a2e1af02189aa867b3584de4686c5cd 3680 libav_0.8.4-1.dsc 050043f36de55b1a716645f959112d65246ede0f 5449993 libav_0.8.4.orig.tar.gz 9720c71d6722450b581020c8e9f50a46d1f09eaf 42497 libav_0.8.4-1.debian.tar.gz Checksums-Sha256: a6de9d86ee61d623b86cffb0b6cf0857f31ffd1a9e431901101caab3984fb1ca 367602 libav-tools_0.8.4-1_amd64.deb a84bca76fe1ced433d43b9ad2bec74ce75a9b37a2a68b4b14210830f11213ba9 137502 ffmpeg_0.8.4-1_amd64.deb d7a00a4ebbdf35a1089aeecee391ad9f18aae4436e1104047730ff5cc65b7132 42624 ffmpeg-dbg_0.8.4-1_all.deb 267b80fd604a87e32787e2709ca687b90f67d6d5ea9a397baa50982dd3d4ae08 21699776 libav-dbg_0.8.4-1_amd64.deb 73d6285a0ec167baffd603e1cd395485c787d55a3da89722bfee2b403e39c1d0 42620 libav-extra-dbg_0.8.4-1_all.deb b5d58ef38ed52c3d05f9f7f513fee4113c7e408d7ae0d6869d8e63d137c3943e 42688 ffmpeg-doc_0.8.4-1_all.deb 0c5b720a6c978ede7f85dae6d388c7a50793d8f990483f97d51a1a38eaa35a79 12442554 libav-doc_0.8.4-1_all.deb b7a7d60490ce7675ac9c860f44a388f40a897da0d42a56e2d9ca9eac4be82547 92080 libavutil51_0.8.4-1_amd64.deb e046e73e25a475349f43b316e95ae1cea305d8ecfabb0a683b4e9d6942a18e19 2501034 libavcodec53_0.8.4-1_amd64.deb 339805050a5c73e6d16ff553f7cf9fd09cb0ca643141a58c4dd0c258ee400262 67850 libavdevice53_0.8.4-1_amd64.deb 52d973879c74562503888e564b8122ce093e33de8952de7a427128b951539754 463386 libavformat53_0.8.4-1_amd64.deb d30b2ce10caeb85e4e3dad6485389dcb24027963d98bd79dbaa9d04d35eb1633 114132 libavfilter2_0.8.4-1_amd64.deb 7c1190543f7bb4ca8739b791640509d876fcea6f34a57f55d5827604aff4ea30 88136 libpostproc52_0.8.4-1_amd64.deb b5c26bcaf542f7bb8c2cb53dee4cf42ffac978c5f0808160ca724cc2f49c0366 120000 libswscale2_0.8.4-1_amd64.deb e3368e51e04d80874d6267ac3f27fdd3d8b78f2227ed14f081f28279c957ea10 131966 libavutil-dev_0.8.4-1_amd64.deb bcf63b2471773bebf145dd6066a112b98c5292123541a56543dc2b8f9777c7a4 2745882 libavcodec-dev_0.8.4-1_amd64.deb 9ae1568a94a5be63a863cbebe73517e78a73b0d3f8fafa52c1da84a5d222320c 69654 libavdevice-dev_0.8.4-1_amd64.deb 778fc018e4b480de351bb50c3b566efc2343086ff5e59bb0d2e388c7c33a26e7 549582 libavformat-dev_0.8.4-1_amd64.deb ae15ea316cf3d776fcab0744d3ed51850c0da12ff5825f5cb44beba54382c729 133566 libavfilter-dev_0.8.4-1_amd64.deb 2d0d2bbd8db9ce6ad0e5eb9f7bc1b2bf3429fe0fb55558fc30ecd18c60d9f410 88316 libpostproc-dev_0.8.4-1_amd64.deb 749866b92df296934f16a1ad81529420f31e63e91dcaa1627576cbaf228e7b00 130392 libswscale-dev_0.8.4-1_amd64.deb c347199ac3ccd5dfc65290c8ad79f0cf091dbcee63be027655f92c39541c462f 42654 libavutil-extra-51_0.8.4-1_all.deb c4a5e22410115ddc08bb35bd3ffe95ed53a97d4b4f7d7671775087f87d1bea9d 2504614 libavcodec-extra-53_0.8.4-1_amd64.deb 0e84c860abe2ef38b5cc8e705d0f877cc8706f7a7b4e5225222c7d282e85af00 42658 libavdevice-extra-53_0.8.4-1_all.deb f96bae69c6533228b60a08d385900ac8d61a88efd1d44579b779c750ac409859 42654 libavfilter-extra-2_0.8.4-1_all.deb 08d32ab8b890e75dd709535f55419d9df42127af6d4794018907e8c42e97761c 42672 libpostproc-extra-52_0.8.4-1_all.deb 2496e05686de7edb1b929a868ebba042ff985fb5cbd09fa69cc1d16bbeca72e2 42660 libavformat-extra-53_0.8.4-1_all.deb 64890c1a96cc943b0fbd21e92f26756e2a4abe9ea0f22217e3e7a1aff9ea9227 42660 libswscale-extra-2_0.8.4-1_all.deb 34f018e2d7242c3010ae40310edacaf2ac416cc73cdf9c869222fcce52b8e9a2 3680 libav_0.8.4-1.dsc 5127e415334f0a09059c6bb44b759d714c7a85b0fe757747ed31643e88d4cf42 5449993 libav_0.8.4.orig.tar.gz e759e1784fc968ce775daac239e0d42fabb987b28bbfe0f898d2ec0f035ffbec 42497 libav_0.8.4-1.debian.tar.gz Files: b8c0c9fbd1cf82feec3b19d4cb55525d 367602 video optional libav-tools_0.8.4-1_amd64.deb 2718f7d03d94c529d36f111563849d22 137502 oldlibs extra ffmpeg_0.8.4-1_amd64.deb ad7f84e6294e7c3c2522a08b6f974bb9 42624 oldlibs extra ffmpeg-dbg_0.8.4-1_all.deb d120376257d758384be4378199437e32 21699776 debug extra libav-dbg_0.8.4-1_amd64.deb 9053e5b05b4e7131d0178f2673c39953 42620 oldlibs extra libav-extra-dbg_0.8.4-1_all.deb 2c5d6420271ac80dfa9645a343f9f8b5 42688 oldlibs extra ffmpeg-doc_0.8.4-1_all.deb 201a4f23f8d96b57548108eb33bbf4e8 12442554 doc optional libav-doc_0.8.4-1_all.deb bfc2d110bbe8db7cbff24183f411fed3 92080 libs optional libavutil51_0.8.4-1_amd64.deb 3c87ddcd8a29731bfb154d788e7ecb53 2501034 libs optional libavcodec53_0.8.4-1_amd64.deb adf9736bc348de198527f9bdb6e0a6e3 67850 libs optional libavdevice53_0.8.4-1_amd64.deb 9a3ba47108f8427321e79ab527f9f33e 463386 libs optional libavformat53_0.8.4-1_amd64.deb 7b84fa8e4440c6f48cb9ac4ddd2c7fbf 114132 libs optional libavfilter2_0.8.4-1_amd64.deb 73734c677fe660bec83839e968eb1ce7 88136 libs optional libpostproc52_0.8.4-1_amd64.deb b7f133e85b1a7c2ccbbf47879ef23ae1 120000 libs optional libswscale2_0.8.4-1_amd64.deb 133178e54e2f91b63c0938be7ba0385d 131966 libdevel optional libavutil-dev_0.8.4-1_amd64.deb aa192140885132d6331bcceaa2575a75 2745882 libdevel optional libavcodec-dev_0.8.4-1_amd64.deb 2a2da2a8534dfc33ee577eb99c148659 69654 libdevel optional libavdevice-dev_0.8.4-1_amd64.deb e5f064445de0a2c58c2efb3e0311970b 549582 libdevel optional libavformat-dev_0.8.4-1_amd64.deb ddd5c430b0ccd4e2603005ebb9cce65e 133566 libdevel optional libavfilter-dev_0.8.4-1_amd64.deb 6f1d5291102cd9d733cf3d052956f3e0 88316 libdevel optional libpostproc-dev_0.8.4-1_amd64.deb c2fd6f4956704eb7b5a325ecc3ad5be6 130392 libdevel optional libswscale-dev_0.8.4-1_amd64.deb d60adbacafe2921a3db877c66d96f6e3 42654 oldlibs extra libavutil-extra-51_0.8.4-1_all.deb 138d4acf82bc29e34175a052e44011cf 2504614 libs optional libavcodec-extra-53_0.8.4-1_amd64.deb a36bf302121d84ca91eacadfc2070190 42658 oldlibs extra libavdevice-extra-53_0.8.4-1_all.deb 8884a6ef68f0d8d73adbd79ae7fb827a 42654 oldlibs extra libavfilter-extra-2_0.8.4-1_all.deb f56ff8aba5be31b2093df77631fe44ad 42672 oldlibs extra libpostproc-extra-52_0.8.4-1_all.deb dd7a4243ecc8dbbbadcd9ca8c4255611 42660 oldlibs extra libavformat-extra-53_0.8.4-1_all.deb e3f945838e36dbc06a997073b62246f5 42660 oldlibs extra libswscale-extra-2_0.8.4-1_all.deb 18f8b686451ed3cc1bed6b0382b04c22 3680 libs optional libav_0.8.4-1.dsc b6b4f930d387039c2e920a51e97a977e 5449993 libs optional libav_0.8.4.orig.tar.gz 34641429c4108bd0dd7b9a05f0403eaa 42497 libs optional libav_0.8.4-1.debian.tar.gz -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.17 (GNU/Linux) Comment: Debian Powered! iEYEARECAAYFAlCGO/0ACgkQmAg1RJRTSKTlwACeLfThoWKl8ZHqne6EnduTyYNN MWAAn2e7d2loA8+Jznc/bGAuLoNOmhAY =qmV8 -----END PGP SIGNATURE-----
--- End Message ---
