medibuntu-maintainers team mailing list archive

[technomage01 <technomage01@xxxxxxxxx>]

*** This bug is a security vulnerability ***

Private security bug reported:

I'm pretty sure that the Ubuntu FFmpeg security update on April 19, 2010
caused certain packages from Medibuntu to be replaced with the standard
Ubuntu versions causing users to lose the ability to playback certain
media types supported by Medibuntu but not supported by standard Ubuntu.

[USN-931-1] FFmpeg update installed the following files:

Ubuntu 8.04 LTS:
 libavcodec1d                    3:0.cvs20070307-5ubuntu7.4
 libavformat1d                   3:0.cvs20070307-5ubuntu7.4

Ubuntu 8.10:
 libavcodec51                    3:0.svn20080206-12ubuntu3.2
 libavformat52                   3:0.svn20080206-12ubuntu3.2

Ubuntu 9.04:
 libavcodec52                    3:0.svn20090303-1ubuntu6.1
 libavformat52                   3:0.svn20090303-1ubuntu6.1

Ubuntu 9.10:
 libavcodec52                    4:0.5+svn20090706-2ubuntu2.1
 libavformat52                   4:0.5+svn20090706-2ubuntu2.1

Using Ubuntu 8.04 LTS as an example, the new version of libavcodec1d
from ubuntu is 3:0.cvs20070307-5ubuntu7.4, the version from Medibuntu is
3:0.cvs20070307-5ubuntu7.3+medibuntu1.  As I understand it, because the
version from Ubuntu has a higher version number it is installed over the
version from Medibuntu.

Will Medibuntu be releasing updated versions of the files mentioned
above that contained the security patches referenced in USN-931-1?  As I
understand it, forcing the install of the currently available Medibuntu
versions of the above files would create a security vulnerability.

** Affects: medibuntu
     Importance: Undecided
         Status: New

-- 
[USN-931-1] FFmpeg update replaces medibuntu packages
https://bugs.launchpad.net/bugs/569305
You received this bug notification because you are a member of Medibuntu
Packaging Team, which is a direct subscriber.