[SCM] FFmpeg packaging branch, lenny, updated. debian/0.svn20080206-16-1-g3df3f9f

Tue Feb 10 07:47:16 UTC 2009

The following commit has been merged in the lenny branch:
commit 3df3f9fcac661d450a59fb9ad063e1c485f23b71
Author: Reinhard Tartler <siretart at tauware.de>
Date:   Tue Feb 10 07:56:13 2009 +0100

    bug fix: possible null ptr derefence in vp3.c (CVE-2008-4610)  Closes: #509616

diff --git a/debian/changelog b/debian/changelog
index d71b17d..98b3867 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+ffmpeg-debian (0.svn20080206-17) unstable; urgency=medium
+
+  * bug fix: possible null ptr derefence in vp3.c (CVE-2008-4610) 
+    Closes: #509616
+
+ -- Reinhard Tartler <siretart at tauware.de>  Tue, 10 Feb 2009 07:55:39 +0100
+
 ffmpeg-debian (0.svn20080206-16) unstable; urgency=low
 
   * bug fix: denial-of-service attack (CVE-2008-3230) Closes: #498764
diff --git a/debian/patches/050_CVE-2008-4610.patch b/debian/patches/050_CVE-2008-4610.patch
new file mode 100644
index 0000000..95d4945
--- /dev/null
+++ b/debian/patches/050_CVE-2008-4610.patch
@@ -0,0 +1,48 @@
+------------------------------------------------------------------------
+r17090 | alexc | 2009-02-09 02:39:33 +0100 (Mo, 09. Feb 2009) | 2 lines
+
+VP3: Do not ignore error from read_huffman_tree().
+
+------------------------------------------------------------------------
+Index: libavcodec/vp3.c
+===================================================================
+--- a/libavcodec/vp3.c	(Revision 17089)
++++ b/libavcodec/vp3.c	(Revision 17090)
+@@ -2014,9 +2014,11 @@
+         }
+         s->huff_code_size++;
+         s->hbits <<= 1;
+-        read_huffman_tree(avctx, gb);
++        if (read_huffman_tree(avctx, gb))
++            return -1;
+         s->hbits |= 1;
+-        read_huffman_tree(avctx, gb);
++        if (read_huffman_tree(avctx, gb))
++            return -1;
+         s->hbits >>= 1;
+         s->huff_code_size--;
+     }
+@@ -2192,9 +2194,11 @@
+         s->huff_code_size = 1;
+         if (!get_bits1(gb)) {
+             s->hbits = 0;
+-            read_huffman_tree(avctx, gb);
++            if(read_huffman_tree(avctx, gb))
++                return -1;
+             s->hbits = 1;
+-            read_huffman_tree(avctx, gb);
++            if(read_huffman_tree(avctx, gb))
++                return -1;
+         }
+     }
+ 
+@@ -2250,7 +2254,8 @@
+ //            theora_decode_comments(avctx, gb);
+             break;
+         case 0x82:
+-            theora_decode_tables(avctx, &gb);
++            if (theora_decode_tables(avctx, &gb))
++                return -1;
+             break;
+         default:
+             av_log(avctx, AV_LOG_ERROR, "Unknown Theora config packet: %d\n", ptype&~0x80);
diff --git a/debian/patches/series b/debian/patches/series
index a9736a2..1c8716a 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -11,6 +11,7 @@
 050_CVE-2008-4866.patch
 050_CVE-2008-4866-2.patch
 050_CVE-2008-3230.patch
+050_CVE-2008-4610.patch
 060_r14917_dca_max_frame_size.diff
 060_r14937_dca_fix_scaling_factor.diff
 060_r14964.dca_table.diff

-- 
FFmpeg packaging

