Bug#550442: ffmpeg: deluge of crashes due to missing input sanitization
Reinhard Tartler
siretart at tauware.de
Sun Nov 1 08:00:36 UTC 2009
Marc Deslauriers <marc.deslauriers at canonical.com> writes:
> On Sat, 2009-10-31 at 09:12 +0100, Reinhard Tartler wrote:
>> How to proceed now? In any case, I'll prepare an upload for lucid once
>> it opens. Will you prepare uploads for stable ubuntu security pockets?
>
> The next step, IMO, is to get CVE numbers assigned. Since CVE numbers
> aren't usually given to client application crashes, someone needs to
> analyze each issue to see if it is exploitable or not.

I'm not familiar with the process to get CVE numbers assigned, but this
bug is identified by Secunia:

http://secunia.com/advisories/36805/

Debian currently tracks this as:

http://security-tracker.debian.org/tracker/TEMP-0550442-000946

As for reproducibility, the Chrome guys presented for each issue an
example file demonstrating the crash. I'm not aware of concrete exploits
for these crashes.

--
Gruesse/greetings,
Reinhard Tartler, KeyID 945348A4