Bug#694483: CVEs: CVE-2012-2882 CVE-2012-5359 CVE-2012-5360 CVE-2012-5361

Reinhard Tartler siretart at gmail.com
Fri Jan 4 13:59:39 UTC 2013

On Fri, Jan 4, 2013 at 2:07 PM, Arne Wichmann <aw at anhrefn.saar.de> wrote:
> begin  quotation  from Reinhard Tartler (in <CAJ0ccebL3xSmM+swoK3ocFxSOrE9nQ-yyy7r8_4zyazJT5mX1g at mail.gmail.com>):
>> Thanks for caring about security in libav. Sorry for the delay. I
>> tried hard to gather additional information about these issues, but
>> was not successful.
> Yeah, the information politics of the reporters could be more open.
>> On Mon, Nov 26, 2012 at 8:30 PM, Arne Wichmann <aw at linux.de> wrote:
>> > I have here another series of CVEs for ffmpeg/libav:
>> >
>> > CVE-2012-2882
>> Libav's ogg decoder is a bit different to the one in FFmpeg. Can you
>> please provide a testfile so that we can test if this issue affects
>> Libav at all?
> I dug around for a bit and found commit
> 9e1c55cfdec1e1e46fa39b92ea5c425ba9499c68 for ffmpeg, which seems to address
> the issue. More effort will follow when I find the reserves for that.

We in libav are discussing that patch since a couple of days, but do
not think that this patch helps. Unfortunately, we do not have a
sample to for this either.


More information about the pkg-multimedia-maintainers mailing list