Bug#492806: libavformat52: does not handle STR file demuxing (CVE-2008-3162)
Michael Gilbert
michael.s.gilbert at gmail.com
Mon Jul 28 23:12:54 UTC 2008
Package: libavformat52
Version: 0.svn20080206-11
Severity: grave
Tags: security
Justification: user security hole
ubuntu just updated their libavformat packages to patch a problem with
STR file demuxing [1]. does this problem apply to debian as well? the
CVE number is CVE-2008-3162 [2].
[1] http://www.ubuntu.com/usn/usn-630-1
[2] http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3162
-- System Information:
Debian Release: lenny/sid
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.6.24-etchnhalf.1-686 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages libavformat52 depends on:
ii libavcodec51 0.svn20080206-11 ffmpeg codec library
ii libavutil49 0.svn20080206-11 ffmpeg utility library
ii libc6 2.7-12 GNU C Library: Shared libraries
ii zlib1g 1:1.2.3.3.dfsg-12 compression library - runtime
libavformat52 recommends no packages.
libavformat52 suggests no packages.
-- no debconf information
More information about the pkg-multimedia-maintainers
mailing list