Bug#504977: ffmpeg-debian: Several security issues

Reinhard Tartler siretart at tauware.de
Wed Nov 12 08:23:18 UTC 2008


Reinhard Tartler <siretart at tauware.de> writes:

>> CVE-2008-4869[0]:
>> | FFmpeg 0.4.9, as used by MPlayer, allows context-dependent attackers
>> | to cause a denial of service (memory consumption) via unknown vectors,
>> | aka a "Tcp/udp memory leak."
>
> you asked me later to ignore this. ok.

I'm sorry but I misread you. Investigating the issue further, it seems
to me that this issue is exactly the same as CVE-2008-4866. At least the
references seem to point to the same svn commits.

I take it that CVE-2008-4866 and CVE-2008-4869 are actually dupes.

Summary: the only issue this bug is about is actually CVE-2008-4869,
where I have committed a patch, but would really need some help with
verifying the patch.

As for CVE-2008-4867, see bug #496612. Please raise the severity if you
think that should be fixed in lenny, but please note that I could really
need help with that bug as well.

-- 
Gruesse/greetings,
Reinhard Tartler, KeyID 945348A4




