Bug#492806: libavformat52: does not handle STR file demuxing (CVE-2008-3162)
Reinhard Tartler
siretart at tauware.de
Wed Jul 30 07:34:34 UTC 2008
found 492806 0.cvs20060823-8
stop
"Michael Gilbert" <michael.s.gilbert at gmail.com> writes:
> ok, i appologize, i did a quick scan of bugs in libavformat, and
> somehow missed this.
No Problem. Better safe than sorry.
> there has not been a DSA to fix this problem in stable. is the
> libavformat0d package vulnerable there? and if so, why isn't the
> issue being tracked [1]?
By just briefly looking at the source, it seems to me that the version
in stable is vulnerable as well. The patch found in the unstable package
needs some additional handwork but should more or less apply in the same
way.
I'm sorry to say that I'll be rather busy this week, so I cannot promise
to prepare an updated package. In case I do, I'll followup in this
thread.
--
Gruesse/greetings,
Reinhard Tartler, KeyID 945348A4
More information about the pkg-multimedia-maintainers
mailing list