Ubuntu
ffmpeg package

  1. Bug #323620
  2. Comment #2

Comment 2 for bug 323620

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package ffmpeg - 3:0.cvs20070307-5ubuntu4.2

---------------
ffmpeg (3:0.cvs20070307-5ubuntu4.2) gutsy-security; urgency=low

  * SECURITY UPDATE: denial of service via a malformed Ogg Media (OGM) file
    - debian/patches/100_security_CVE-2008-4610.diff: properly check return
      codes in libavcodec/vp3.c.
    - CVE-2008-4610
  * SECURITY UPDATE: buffer overflow caused by an incorrect DCA_MAX_FRAME_SIZE
    value
    - debian/patches/101_security_CVE-2008-4867.diff: set DCA_MAX_FRAME_SIZE to
      a correct value in libavcodec/dca.c.
    - CVE-2008-4867
  * SECURITY UPDATE: arbitrary code execution via a malformed 4X movie file
    (LP: #323620)
    - debian/patches/102_security_CVE-2009-0385.diff: validate current_track
      value in libavformat/4xm.c.
    - CVE-2009-0385

 -- Marc Deslauriers <email address hidden> Fri, 13 Mar 2009 13:20:07 -0400