Bug#550442: ffmpeg: deluge of crashes due to missing input sanitization
Reinhard Tartler
siretart at tauware.de
Wed Jan 13 08:28:43 UTC 2010
found 550442 0.svn20080206-18
stop
On Sa, Dez 05, 2009 at 00:33:02 (CET), Reinhard Tartler wrote:
> Moritz Muehlenhoff <jmm at inutil.org> writes:
>
>> Sorry, this slipped through. An update for stable-security would be very
>> welcome.
>
> Test packages (both amd64 and i386) with build logs can be found at
> http://pkg-multimedia.alioth.debian.org/ffmpeg-lenny/ for now.
>
> Please note that because lenny does *not* ship FFmpeg 0.5 but an earlier
> snapshot, not all patches did apply cleanly. I did my best to backports
> all patches, but I needed to drop thee of them:
>
> security/libavcodec/mpegaudiodec/0002-Check-data_size-in-decode_frame_mp3on4.patch
> security/libavformat/mov/0003-check-stream-existence-before-assignment-fix-1222.patch
> security/libavcodec/vp3/0003-Make-sure-that-all-memory-allocations-succeed.patch
>
> The biggest problem is that I haven't tested them yet. Testers very
> welcome!
>
> If I get positive feedback, or Moritz asks me to do so, I'll of course
> upload to security.debian.org immediately.
ping?
Any interest from the security team having this in lenny?
--
Gruesse/greetings,
Reinhard Tartler, KeyID 945348A4
More information about the pkg-multimedia-maintainers
mailing list