New mplayer and ffmpeg packages for stable (security issues)

Top Page
This message is part of the following thread:
Mthe complete thread tree sorted by date
 
 

Reply to this message
Author: Christian Marillat
Date:  
To: dmo-discussion
Subject: New mplayer and ffmpeg packages for stable (security issues)
Hi,

You must update mplayer and ffmpeg packages in stable.

,----
|   * New patches to fix CVE-2011-0480 (crash in Vorbis decoding).
|     Fix heap corruption crashes (CVE-2011-0722).
|     Fix crashes in Vorbis decoding found by zzuf (CVE-2010-4704).
|     Fix invalid reads in VC-1 decoding (CVE-2011-0723).
|     Do not attempt to decode APE file with no frames (fixes DoS).
`----

ffmpeg :

,----
| * Forget a patch to fix heap corruption crashes (CVE-2011-0722).
|     and also this one : Do not attempt to decode APE file with no frames
|     (fixes DoS).
`----

and

,----
| * New patch to fix CVE-2011-0480 (crash in Vorbis decoding).
`----

Christian


This message was posted to the following mailing lists:
DMO discussion
Mailing List Info | Nearby Messages		<-Re: vlc(-nox) non installable in unstable due to Debian's libpostproc52 4:0.7.1-5 requirementSecurity update for flashplayer->
deb-multimedia.org Mailing List Archive administrated by Christian MarillatLurker (version 2.3)