medibuntu-maintainers team mailing list archive

Thread
Date

[Bug 738134] [NEW] Needed security upgrade for ffmpeg in lucid

To: medibuntu-maintainers@xxxxxxxxxxxxxxxxxxx
From: Launchpad Bug Tracker <738134@xxxxxxxxxxxxxxxxxx>
Date: Sat, 19 Mar 2011 10:41:57 -0000
Reply-to: Bug 738134 <738134@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

*** This bug is a security vulnerability ***

You have been subscribed to a private security bug by Guiodic (Guido Iodice) (guido-iodice):

Binary package hint: ffmpeg

Lucid brings ffmpeg 0.5.1 that is affected by several security flaws.

Please check: http://www.ffmpeg.org/releases/ffmpeg-0.5.4.changelog

One of this exploit works surely on ubuntu:
http://packetstorm.linuxsecurity.com/1103-exploits/vlc105-dos.txt

Infacts:

ffplay Kedans.ape 
FFplay version SVN-r0.5.1-4:0.5.1-1ubuntu1, Copyright (c) 2003-2009 Fabrice Bellard, et al.
  configuration: --extra-version=4:0.5.1-1ubuntu1 --prefix=/usr --enable-avfilter --enable-avfilter-lavf --enable-vdpau --enable-bzlib --enable-libgsm --enable-libschroedinger --enable-libspeex --enable-libtheora --enable-libvorbis --enable-pthreads --enable-zlib --disable-stripping --disable-vhook --enable-runtime-cpudetect --enable-gpl --enable-postproc --enable-swscale --enable-x11grab --enable-libdc1394 --enable-shared --disable-static
  libavutil     49.15. 0 / 49.15. 0
  libavcodec    52.20. 1 / 52.20. 1
  libavformat   52.31. 0 / 52.31. 0
  libavdevice   52. 1. 0 / 52. 1. 0
  libavfilter    0. 4. 0 /  0. 4. 0
  libswscale     0. 7. 1 /  0. 7. 1
  libpostproc   51. 2. 0 / 51. 2. 0
  built on Mar  4 2010 12:35:30, gcc: 4.4.3
Errore di virgola mobile

** Affects: ffmpeg (Ubuntu)
     Importance: Undecided
         Status: New

-- 
Needed security upgrade for ffmpeg in lucid
https://bugs.launchpad.net/bugs/738134
You received this bug notification because you are a member of Medibuntu Packaging Team, which is a direct subscriber.