Bug#504977: ffmpeg-debian: Several security issues
Reinhard Tartler
siretart at tauware.de
Wed Nov 12 08:23:18 UTC 2008
Reinhard Tartler <siretart at tauware.de> writes:
>> CVE-2008-4869[0]:
>> | FFmpeg 0.4.9, as used by MPlayer, allows context-dependent attackers
>> | to cause a denial of service (memory consumption) via unknown vectors,
>> | aka a "Tcp/udp memory leak."
>
> you asked me later to ignore this. ok.
I'm sorry but I misread you. Investigating the issue further, it seems
to me that this issue is exactly the same as CVE-2008-4866. At least the
references seem to point to the same svn commits.

I take it that CVE-2008-4866 and CVE-2008-4869 are actually dupes.

Summary: the only issue this bug is about is actually CVE-2008-4869,
where I have committed a patch, but would really need some help with
verifying the patch.

As for CVE-2008-4867, see bug #496612. Please raise the severity if you
think that should be fixed in lenny, but please note that I could really
need help with that bug as well.
--
Gruesse/greetings,
Reinhard Tartler, KeyID 945348A4