Your message dated Mon, 10 Feb 2014 22:10:52 -0500
with message-id
<CAJ0cceYfkK7_vSzskJ0VNdOHjqLPrV=+hb1U5P7=k9nk3vh...@mail.gmail.com>
and subject line Re: Bug#738572: libav-tools: CVE-2011-3935
has caused the Debian Bug report #738572,
regarding libav-tools: CVE-2011-3935
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
738572: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=738572
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: libav-tools
Version: 6:9.11-1
Severity: grave
Tags: security
Justification: user security hole
Hi...
As far as I can see, CVE-2011-3935 [1] applies to libav-tools. As the
descriptions for the problem are a bit low on information I use a high
severity - feel free to lower it if that is not appropriate. A fix for
ffmpeg is at [2].
[1] https://security-tracker.debian.org/tracker/CVE-2011-3935
[2] http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=668494acd8b20f974c7722895d4a6a14c1005f1e
cu
AW
-- System Information:
Debian Release: jessie/sid
APT prefers testing
APT policy: (500, 'testing'), (500, 'stable'), (50, 'unstable'), (40, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.12.9 (SMP w/2 CPU cores; PREEMPT)
Locale: LANG=C, LC_CTYPE=de_DE (charmap=ISO-8859-1)
Shell: /bin/sh linked to /bin/dash
Versions of packages libav-tools depends on:
ii dpkg 1.17.6
ii libavcodec54 6:9.11-1
ii libavdevice53 6:9.10-2
ii libavfilter3 6:9.10-2
ii libavformat54 6:9.11-1
ii libavresample1 6:9.11-1
ii libavutil52 6:9.11-1
ii libbz2-1.0 1.0.6-5
ii libc6 2.17-97
ii libgnutls26 2.12.23-10+b1
ii libgsm1 1.0.13-4
ii libmp3lame0 3.99.5+repack1-3
ii libopenjpeg2 1.3+dfsg-4.7+b1
ii libopus0 1.1-1
ii librtmp0 2.4+20121230.gitdf6c518-1
ii libschroedinger-1.0-0 1.0.11-2
ii libsdl1.2debian 1.2.15-8
ii libspeex1 1.2~rc1.1-1
ii libswscale2 6:9.11-1
ii libtheora0 1.1.1+dfsg.1-3.1
ii libva1 1.2.1-2
ii libvorbis0a 1.3.2-1.3
ii libvorbisenc2 1.3.2-1.3
ii libvpx1 1.3.0-2
ii libx264-133 2:0.133.2339+git585324f-2+b1
ii libxvidcore4 2:1.3.2-9
ii zlib1g 1:1.2.8.dfsg-1
libav-tools recommends no packages.
Versions of packages libav-tools suggests:
pn frei0r-plugins <none>
-- no debconf information
--- End Message ---
--- Begin Message ---
On Mon, Feb 10, 2014 at 1:12 PM, Arne Wichmann <a...@linux.de> wrote:
> Package: libav-tools
> Version: 6:9.11-1
> Severity: grave
> Tags: security
> Justification: user security hole
>
> Hi...
>
> As far as I can see, CVE-2011-3935 [1] applies to libav-tools. As the
> descriptions for the problem are a bit low on information I use a high
> severity - feel free to lower it if that is not appropriate. A fix for
> ffmpeg is at [2].
>
> [1] https://security-tracker.debian.org/tracker/CVE-2011-3935
> [2] http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=668494acd8b20f974c7722895d4a6a14c1005f1e

Thank you for pointing out this issue. Unfortunately, the patch at
hand does not apply to libav. As I don't see a test-case that
demonstrates how to exploit this issue, I'm closing this bug for now.
If you think this is in error, please follow up with a more thorough
explanation of the issue that explains how to reproduce or exploit
this issue, and ideally, a patch that applies to our source.
Again, thanks and have a nice day.
--
regards,
Reinhard
--- End Message ---