Date: Thu, 03 May 2012 12:53:23 -0500 From: Jamie Strandboge <jamie@...onical.com> To: oss-security <oss-security@...ts.openwall.com> Cc: Michael Niedermayer <michaelni@....at>, Måns Rullgård <mans@...sr.com>, fabian.yamaguchi@...uni-goettingen.de Subject: Security issue in libav/ffmpeg A heap corruption security bug was reported by Fabian Yamaguchi against libav in Ubuntu. This issue also affected ffmpeg. This issue is now public and has been assigned CVE-2012-0947. Attached is a patch from upstream libav to fix the issue (thanks to Måns Rullgård). While the issue also affected ffmpeg, upstream ffmpeg fixed this some time ago in 3583c8706df0abbfa3ecdd6730f4f3d72a01fe6d.  https://launchpad.net/bugs/980963 -- Jamie Strandboge | http://www.canonical.com View attachment "0001-vqavideo-return-error-if-image-size-is-not-a-multipl.patch" of type "text/x-patch" (1226 bytes) Download attachment "signature.asc" of type "application/pgp-signature" (837 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ