Bug#550442: ffmpeg: deluge of crashes due to missing input sanitization
Reinhard Tartler
siretart at tauware.de
Fri Dec 4 23:33:02 UTC 2009
Moritz Muehlenhoff <jmm at inutil.org> writes:
> Sorry, this slipped through. An update for stable-security would be very
> welcome.
Test packages (both amd64 and i386) with build logs can be found at
http://pkg-multimedia.alioth.debian.org/ffmpeg-lenny/ for now.
Please note that because lenny does *not* ship FFmpeg 0.5 but an earlier
snapshot, not all patches did apply cleanly. I did my best to backports
all patches, but I needed to drop thee of them:
security/libavcodec/mpegaudiodec/0002-Check-data_size-in-decode_frame_mp3on4.patch
security/libavformat/mov/0003-check-stream-existence-before-assignment-fix-1222.patch
security/libavcodec/vp3/0003-Make-sure-that-all-memory-allocations-succeed.patch
The biggest problem is that I haven't tested them yet. Testers very
welcome!
If I get positive feedback, or Moritz asks me to do so, I'll of course
upload to security.debian.org immediately.
--
Gruesse/greetings,
Reinhard Tartler, KeyID 945348A4
More information about the pkg-multimedia-maintainers
mailing list