Bug#492806: libavformat52: does not handle STR file demuxing (CVE-2008-3162)
Michael Gilbert
michael.s.gilbert at gmail.com
Tue Jul 29 22:23:49 UTC 2008
>> Package: libavformat52
>> Version: 0.svn20080206-11
>> Severity: grave
>> Tags: security
>> Justification: user security hole
>>
>> ubuntu just updated their libavformat packages to patch a problem with
>> STR file demuxing [1]. does this problem apply to debian as well? the
>> CVE number is CVE-2008-3162 [2].
>>
>> [1] http://www.ubuntu.com/usn/usn-630-1
>> [2] http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3162
> Thanks for your report but this bug is a clear dupe of #489965.
ok, i appologize, i did a quick scan of bugs in libavformat, and
somehow missed this.
there has not been a DSA to fix this problem in stable. is the
libavformat0d package vulnerable there? and if so, why isn't the
issue being tracked [1]?
[1] http://security-tracker.debian.net/tracker/status/release/stable
More information about the pkg-multimedia-maintainers
mailing list