Acknowledgement sent
to Luciano Bello <luciano@debian.org>:
New Bug report received and forwarded. Copy sent to Debian multimedia packages maintainers <pkg-multimedia-maintainers@lists.alioth.debian.org>.
(Wed, 19 Jan 2011 19:57:04 GMT).
Added tag(s) unreproducible.
Request was from Reinhard Tartler <siretart@tauware.de>
to control@bugs.debian.org.
(Sat, 22 Jan 2011 22:30:13 GMT).
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian multimedia packages maintainers <pkg-multimedia-maintainers@lists.alioth.debian.org>: Bug#610550; Package ffmpeg.
(Sat, 22 Jan 2011 23:06:03 GMT).
Acknowledgement sent
to Reinhard Tartler <siretart@tauware.de>:
Extra info received and forwarded to list. Copy sent to Debian multimedia packages maintainers <pkg-multimedia-maintainers@lists.alioth.debian.org>.
(Sat, 22 Jan 2011 23:06:03 GMT).
Subject: Re: Bug#610550: [CVE-2011-0480] memory corruptions in the ffmpeg Vorbis codec
Date: Sat, 22 Jan 2011 23:28:21 +0100
tags 610550 unreproducible
stop
Hi,
On Wed, Jan 19, 2011 at 20:48:35 (CET), Luciano Bello wrote:
> Package: ffmpeg
> Severity: important
> Tags: security patch
>
> Hi,
> the following CVE (Common Vulnerabilities & Exposures) id was
> published for ffmpeg.
>
> CVE-2011-0480[0]:
> | Multiple buffer overflows in the Vorbis decoder in Google Chrome
> | before 8.0.552.237 and Chrome OS before 8.0.552.344 allow remote
> | attackers to cause a denial of service or possibly have unspecified
> | other impact via unknown vectors.

The report is against Chrome and Chrome OS. I've failed to reproduce the
reported crashes with Debian's version of ffmpeg; I get error messages
about corrupted Vorbis headers, but no crash. Can you please provide a
testcase that applies to the Debian copy of ffmpeg?
--
Gruesse/greetings,
Reinhard Tartler, KeyID 945348A4
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian multimedia packages maintainers <pkg-multimedia-maintainers@lists.alioth.debian.org>: Bug#610550; Package ffmpeg.
(Tue, 25 Jan 2011 02:03:06 GMT).
Acknowledgement sent
to Luciano Bello <luciano@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian multimedia packages maintainers <pkg-multimedia-maintainers@lists.alioth.debian.org>.
(Tue, 25 Jan 2011 02:03:06 GMT).
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian multimedia packages maintainers <pkg-multimedia-maintainers@lists.alioth.debian.org>: Bug#610550; Package ffmpeg.
(Tue, 01 Feb 2011 02:18:06 GMT).
Acknowledgement sent
to Michael Gilbert <michael.s.gilbert@gmail.com>:
Extra info received and forwarded to list. Copy sent to Debian multimedia packages maintainers <pkg-multimedia-maintainers@lists.alioth.debian.org>.
(Tue, 01 Feb 2011 02:18:06 GMT).
From: Michael Gilbert <michael.s.gilbert@gmail.com>
To: control <control@bugs.debian.org>, 610550@bugs.debian.org,
610550-submitter@bugs.debian.org
Subject: re: [CVE-2011-0480] memory corruptions in the ffmpeg Vorbis codec
Date: Mon, 31 Jan 2011 21:15:33 -0500
notfound 610550 4:0.5.2-6
tag 610550 -unreproducible
thanks
it looks like you're using a newer svn version of ffmpeg. at least
0.5.2 in unstable doesn't yet support webm, so it isn't affected. i
haven't checked 0.6.1 in experimental.
best wishes,
mike
Removed tag(s) unreproducible.
Request was from Michael Gilbert <michael.s.gilbert@gmail.com>
to control@bugs.debian.org.
(Tue, 01 Feb 2011 02:18:08 GMT).
Message sent on
to Luciano Bello <luciano@debian.org>:
Bug#610550.
(Tue, 01 Feb 2011 02:18:10 GMT).
Reply sent
to Reinhard Tartler <siretart@tauware.de>:
You have taken responsibility.
(Tue, 01 Feb 2011 06:45:03 GMT).
Notification sent
to Luciano Bello <luciano@debian.org>:
Bug acknowledged by developer.
(Tue, 01 Feb 2011 06:45:03 GMT).
Subject: Re: Bug#610550: [CVE-2011-0480] memory corruptions in the ffmpeg Vorbis codec
Date: Tue, 01 Feb 2011 07:40:58 +0100
On Tue, Feb 01, 2011 at 03:15:33 (CET), Michael Gilbert wrote:
> notfound 610550 4:0.5.2-6
> tag 610550 -unreproducible
> thanks
>
> it looks like you're using a newer svn version of ffmpeg. at least
> 0.5.2 in unstable doesn't yet support webm, so it isn't affected. i
> haven't checked 0.6.1 in experimental.

I did and it doesn't crash for me.
With this rationale, I'm closing this bug for now, but by all means,
please reopen it as soon as you have a testcase for me.
--
Gruesse/greetings,
Reinhard Tartler, KeyID 945348A4
Message sent on
to Luciano Bello <luciano@debian.org>:
Bug#610550.
(Tue, 01 Feb 2011 06:45:05 GMT).
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Tue, 01 Mar 2011 07:33:26 GMT).