|
Message-ID: <1336067603.5166.14.camel@localhost> Date: Thu, 03 May 2012 12:53:23 -0500 From: Jamie Strandboge <jamie@...onical.com> To: oss-security <oss-security@...ts.openwall.com> Cc: Michael Niedermayer <michaelni@....at>, Måns Rullgård <mans@...sr.com>, fabian.yamaguchi@...uni-goettingen.de Subject: Security issue in libav/ffmpeg A heap corruption security bug[1] was reported by Fabian Yamaguchi against libav in Ubuntu. This issue also affected ffmpeg. This issue is now public and has been assigned CVE-2012-0947. Attached is a patch from upstream libav to fix the issue (thanks to Måns Rullgård). While the issue also affected ffmpeg, upstream ffmpeg fixed this some time ago in 3583c8706df0abbfa3ecdd6730f4f3d72a01fe6d. [1] https://launchpad.net/bugs/980963 -- Jamie Strandboge | http://www.canonical.com View attachment "0001-vqavideo-return-error-if-image-size-is-not-a-multipl.patch" of type "text/x-patch" (1226 bytes) Download attachment "signature.asc" of type "application/pgp-signature" (837 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.