Your message dated Sun, 24 Mar 2013 18:18:14 +0000
with message-id <e1ujpuk-0003ds...@franck.debian.org>
and subject line Bug#703200: fixed in libav 6:0.8.6-1
has caused the Debian Bug report #703200,
regarding libav: CVE-2013-0894 CVE-2013-2277 CVE-2013-2495 CVE-2013-2496
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
703200: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=703200
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
package: src:libav
severity: grave
version: 6:0.8.5-1
Hi, the following vulnerabilities were published for libav. These are
currently unfixed in 0.8.5-1.
CVE-2013-0894[0]:
| Buffer overflow in the vorbis_parse_setup_hdr_floors function in the
| Vorbis decoder in vorbisdec.c in libavcodec in FFmpeg through 1.1.3,
| as used in Google Chrome before 25.0.1364.97 on Windows and Linux and
| before 25.0.1364.99 on Mac OS X and other products, allows remote
| attackers to cause a denial of service (divide-by-zero error or
| out-of-bounds array access) or possibly have unspecified other impact
| via vectors involving a zero value for a bark map size.
CVE-2013-2277[1]:
| The ff_h264_decode_seq_parameter_set function in h264_ps.c in
| libavcodec in FFmpeg before 1.1.3 does not validate the relationship
| between luma depth and chroma depth, which allows remote attackers to
| cause a denial of service (out-of-bounds array access and application
| crash) or possibly have unspecified other impact via crafted H.264
| data.
CVE-2013-2495[2]:
| The iff_read_header function in iff.c in libavformat in FFmpeg through
| 1.1.3 does not properly handle data sizes for Interchange File Format
| (IFF) data during operations involving a CMAP chunk or a video codec,
| which allows remote attackers to cause a denial of service (integer
| overflow, out-of-bounds array access, and application crash) or
| possibly have unspecified other impact via a crafted header.
CVE-2013-2496[3]:
| The msrle_decode_8_16_24_32 function in msrledec.c in libavcodec in
| FFmpeg through 1.1.3 does not properly determine certain end pointers,
| which allows remote attackers to cause a denial of service
| (out-of-bounds array access and application crash) or possibly have
| unspecified other impact via crafted Microsoft RLE data.
If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0894
http://security-tracker.debian.org/tracker/CVE-2013-0894
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2277
http://security-tracker.debian.org/tracker/CVE-2013-2277
[2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2495
http://security-tracker.debian.org/tracker/CVE-2013-2495
[3] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2496
http://security-tracker.debian.org/tracker/CVE-2013-2496
--- End Message ---
--- Begin Message ---
Source: libav
Source-Version: 6:0.8.6-1
We believe that the bug you reported is fixed in the latest version of
libav, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 703...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Reinhard Tartler <siret...@tauware.de> (supplier of updated libav package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Sun, 24 Mar 2013 07:35:51 +0100
Source: libav
Binary: libav-tools ffmpeg ffmpeg-dbg libav-dbg libav-extra-dbg ffmpeg-doc
libav-doc libavutil51 libavcodec53 libavdevice53 libavformat53 libavfilter2
libpostproc52 libswscale2 libavutil-dev libavcodec-dev libavdevice-dev
libavformat-dev libavfilter-dev libpostproc-dev libswscale-dev
libavutil-extra-51 libavcodec-extra-53 libavdevice-extra-53 libavfilter-extra-2
libpostproc-extra-52 libavformat-extra-53 libswscale-extra-2
Architecture: source i386 all
Version: 6:0.8.6-1
Distribution: unstable
Urgency: low
Maintainer: Reinhard Tartler <siret...@debian.org>
Changed-By: Reinhard Tartler <siret...@tauware.de>
Description:
ffmpeg - Multimedia player, server, encoder and transcoder (transitional p
ffmpeg-dbg - Debug symbols for Libav related packages (transitional package)
ffmpeg-doc - Documentation of the Libav API (transitional package)
libav-dbg - Debug symbols for Libav related packages
libav-doc - Documentation of the Libav API
libav-extra-dbg - Debug symbols for Libav related packages (transitional package)
libav-tools - Multimedia player, server, encoder and transcoder
libavcodec-dev - Development files for libavcodec
libavcodec-extra-53 - Libav codec library (additional codecs)
libavcodec53 - Libav codec library
libavdevice-dev - Development files for libavdevice
libavdevice-extra-53 - Libav device handling library (transitional package)
libavdevice53 - Libav device handling library
libavfilter-dev - Development files for libavfilter
libavfilter-extra-2 - Libav filter library (transitional package)
libavfilter2 - Libav video filtering library
libavformat-dev - Development files for libavformat
libavformat-extra-53 - Libav video postprocessing library (transitional package)
libavformat53 - Libav file format library
libavutil-dev - Development files for libavutil
libavutil-extra-51 - Libav utility library (transitional package)
libavutil51 - Libav utility library
libpostproc-dev - Development files for libpostproc
libpostproc-extra-52 - Libav video postprocessing library (transitional package)
libpostproc52 - Libav video postprocessing library
libswscale-dev - Development files for libswscale
libswscale-extra-2 - Libav video software scaling library (transitional package)
libswscale2 - Libav video scaling library
Closes: 703200
Changes:
libav (6:0.8.6-1) unstable; urgency=low
.
  * Imported Upstream version 0.8.6, new releases fixes:
    - h264: check for luma and chroma bit depth being equal (CVE-2013-2277)
    - iff: validate CMAP palette size (CVE-2013-2495)
    - msrledec: convert to bytestream2 API and add proper bounds checking (CVE-2013-2496)
    - vorbisdec: Error on bark_map_size equal to 0 (CVE-2013-0894)
    - Thus, closes: #703200
Checksums-Sha1:
Checksums-Sha256:
Files:
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (GNU/Linux)
Comment: Debian Powered!
iEYEARECAAYFAlFPOtcACgkQmAg1RJRTSKRU6ACggiHHjjx2b4q8ySAJwgGjzbMJ
qHIAn2ekHH6bm86xzCzqA6G2NtPShNbe
=jFga
-----END PGP SIGNATURE-----
--- End Message ---