Bug#570713: ffmpeg: remaining vulnerabilities from bug #550442
Michael Gilbert
michael.s.gilbert at gmail.com
Sat Feb 20 21:02:51 UTC 2010
package: ffmpeg
version: 0.svn20080206-18
severity: serious
tags: security
hi, i have just tested the latest ffmpeg update against the original
proof of concepts [0] reported in bug #550442 [1]. many of them are
still effective. there is some good news though; i've found that
upstream has addressed all of the problems in their latest svn version.
attached are my findings.
reference [2] may be useful to track down the other needed patches; or
it may be easier to just upgrade to a new svn (however, the patches
still need to be determined for stable).
mike
[0] http://roundup.ffmpeg.org/roundup/ffmpeg/issue1240
[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=550442
[2] http://thread.gmane.org/gmane.comp.video.ffmpeg.devel/97154
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ffmpeg
Type: application/octet-stream
Size: 1853 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-multimedia-maintainers/attachments/20100220/d2afdc5a/attachment.obj>
More information about the pkg-multimedia-maintainers
mailing list