Bug#504977: ffmpeg-debian: Several security issues
Ben Hutchings
ben at decadent.org.uk
Sat Jan 10 04:26:04 UTC 2009
On Fri, 2009-01-09 at 22:16 +0000, Ben Hutchings wrote:
> On Fri, 2009-01-09 at 22:40 +0100, Reinhard Tartler wrote:
> > Ben Hutchings <ben at decadent.org.uk> writes:
> >
> > >> I'll upload it as soon as someone can confirm me that these packages
> > >> actually fix the problem.
> > >
> > > Based on inspection of the original code and patch for -4866 in this
> > > test package, I am confident that this will be fixed.
> >
> > hm. okay, then I'll upload that package.
> >
> > > Please also include the fix for -4867 (#496612) as it sounds like the
> > > bug could be used for code injection and the change looks low-risk.
> >
> > could you attach a patch there please first?
>
> Never mind, the problem code is not included in the current xine-lib
> package.
Gah, I'm getting confused between ffmpeg and xine bugs.
The problem code *is* in ffmpeg and the upstream fix should be
applicable:
--- trunk/libavcodec/dca.c (original)
+++ trunk/libavcodec/dca.c Sat Aug 23 15:29:13 2008
@@ -69,7 +69,7 @@ enum DCAMode {
#define HEADER_SIZE 14
#define CONVERT_BIAS 384
-#define DCA_MAX_FRAME_SIZE 16383
+#define DCA_MAX_FRAME_SIZE 16384
/** Bit allocation */
typedef struct {
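Review bot: the changed `#define DCA_MAX_FRAME_SIZE 16384` line has no comment saying what the value bounds or why it moves by exactly one. Suggest documenting where 16384 comes from next to the define, so the next reader can tell whether it is meant as a buffer size or as an inclusive maximum frame length. None of the macro's users are visible in this hunk, so before backporting, check every array sized by it and every length comparison against it in dca.c for the same interpretation. A one-byte change in the constant only closes the overflow if the check and the allocation agree.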
--- END ---
Ben.