Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Sun, 15 Jun 2014 19:27:13 +0200
From: Thomas Klausner <wiz@...BSD.org>
To: oss-security@...ts.openwall.com
Subject: older ffmpeg overflows/out-of-bounds-accesses/etc.

Hi!

Here's a list of commits to the ffmpeg repository which look like they
might fix trouble. I don't think CVEs are assigned for these, but it's
a long list, so I'm not completely sure.

I don't know if it's worth the trouble to assign CVEs for these now,
since they all were fixed last year, but I thought I'd bring them to
your attention. Please use your own judgment.

June/July 2013:

http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=6e9bfc19bd7be2b28258ca93d706cb67ed482c65;hp=16f3102f41031f70a24cf25836b1b7ab972c1265
http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=bbc19010edfdb1b2e248a24894c5ec77960bbfc3;hp=702c1bf240f255d9afe2c3dbf2f07d7fbdc2ffc7
http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=c59ce1c98e5fdcd3d00fa4980ec8516eb9cad2c4;hp=b28851a1d688f2c650977ea73c1d775417a0bd0e
http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=c51654fbc023f22feabee68a858a1a33e12ed9f6;hp=a28f4fd1ea45821100032403ebdac1c164b10007
http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=b26bcd08e670b90740f7253f21adddafb9d8c478;hp=c51654fbc023f22feabee68a858a1a33e12ed9f6
http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=c49d94487c6135325930cbc4a8cd96d38ef6653e;hp=75b9fb27f516f9db7995ab2c2abb83e25cae5813
http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=21d0f75f29ca97b2ca31bd4451f488163a27e24f;hp=c49d94487c6135325930cbc4a8cd96d38ef6653e
http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=bce2ed55596a603b0dd35e000e064b9a40eee542;hp=369684f1092427a3cfa1a62b43f2952a5554061d
http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=9c2216976907336dfae0e8e38a4d70ca2465a92c;hp=999ccd2d0a43640921088578f138c874f6cc0f8a
http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=467e7a8f26e54c300ba494bf00033fec1078fa45;hp=0ea135613788ef69ee4f52afb520a169e6da6b9e
http://git.videolan.org/?p=ffmpeg.git;a=commit;h=38229362529ed1619d8ebcc81ecde85b23b45895
http://git.videolan.org/?p=ffmpeg.git;a=commit;h=e30b068ef79f604ff439418da07f7e2efd01d4ea
http://git.videolan.org/?p=ffmpeg.git;a=commit;h=6765ee7b9cba46818a45b051438b2552f0a1b70a
http://git.videolan.org/?p=ffmpeg.git;a=commit;h=7388c0c58601477db076e2e74e8b11f8a644384a
http://git.videolan.org/?p=ffmpeg.git;a=commit;h=95a57d26d8653d21f0dab1aff3558ee944853dbf
http://git.videolan.org/?p=ffmpeg.git;a=commit;h=b564784a207b1395d2b5a41e580539df04651096
http://git.videolan.org/?p=ffmpeg.git;a=commit;h=78962d3df49afe5011b572656ecfe940bd5fbf2e
http://git.videolan.org/?p=ffmpeg.git;a=commit;h=cf04af2086be105ff86088357b83d672d38417d9
http://git.videolan.org/?p=ffmpeg.git;a=commit;h=eae63e3c156f784ee0612422f0c95131ea913c14
http://git.videolan.org/?p=ffmpeg.git;a=commit;h=fd54dd028bc9f7bfb80ebf823a533dc84b73f936
http://git.videolan.org/?p=ffmpeg.git;a=commit;h=76f5dfbfd902178df4a38221a68dc8540189345a
http://git.videolan.org/?p=ffmpeg.git;a=commit;h=c4abc9098cacb227dba39bac6aea16b2bceba0d0
http://git.videolan.org/?p=ffmpeg.git;a=commit;h=f5e646a00ac21e500dae4bcceded790a0fbc5246
http://git.videolan.org/?p=ffmpeg.git;a=commit;h=f27b22b4974c740f4c7b4140a793cac196179266
http://git.videolan.org/?p=ffmpeg.git;a=commit;h=ddefb80c95d88e88aeb7bc938d58c0389bb83b78
http://git.videolan.org/?p=ffmpeg.git;a=commit;h=8435bca087c0e79385763c51de009fd89390b6a5
http://git.videolan.org/?p=ffmpeg.git;a=commit;h=6255ccf7d51c82ab79bf0cd47a921f572dda4489
http://git.videolan.org/?p=ffmpeg.git;a=commit;h=cd78e934c246d1b2510f8fba0abfe40bb75795f6
http://git.videolan.org/?p=ffmpeg.git;a=commit;h=dc79685195a45c9b8b17d7b93d118e0aefa45462

August 2013
http://git.videolan.org/?p=ffmpeg.git;a=commit;h=5ef7c84a9374681c64722a96d91741f3b990af2b
http://git.videolan.org/?p=ffmpeg.git;a=commit;h=c59967fa7cc5bc2fa06b36c17d2c207240c06b3e

November 2013
http://git.videolan.org/?p=ffmpeg.git;a=commit;h=6d9dad6a7cb5d544d540abf941fedbd34c14d2bd
http://git.videolan.org/?p=ffmpeg.git;a=commit;h=808c10e728db2d92ccbb0f8b3bcd4a2f4305a2cf
http://git.videolan.org/?p=ffmpeg.git;a=commit;h=4d388c0cd05dd4de545e8ea333ab4de7d67ad12d


 Thomas

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.