[SCM] FFmpeg packaging branch, lenny, updated. e48a8d39b3eeb317aa2d29f6a476c03ff3adac48
siretart at users.alioth.debian.org
Thu Jan 29 08:38:50 UTC 2009
The following commit has been merged in the lenny branch:
commit e48a8d39b3eeb317aa2d29f6a476c03ff3adac48
Author: Reinhard Tartler <siretart at tauware.de>
Date: Wed Jan 28 23:09:21 2009 +0100
fix remotely exploitable security issue in libavformat/4xm.c. Sorry, no CVE for this yet
diff --git a/debian/changelog b/debian/changelog
index 9f220d9..d71b17d 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,6 +1,8 @@
-ffmpeg-debian (0.svn20080206-16) UNRELEASED; urgency=low
+ffmpeg-debian (0.svn20080206-16) unstable; urgency=low
* bug fix: denial-of-service attack (CVE-2008-3230) Closes: #498764
+ * fix remotely exploitable security issue in libavformat/4xm.c.
+ Sorry, no CVE for this yet
-- Reinhard Tartler <siretart at tauware.de> Tue, 20 Jan 2009 00:51:19 +0100
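Review bot: The header line keeps urgency=low while the added bullet describes a remotely exploitable issue; raise the urgency so the upload is prioritised accordingly. The bullet also carries no identifier: since there is no CVE yet, name the advisory the patch file is called after (TKADV2009-004) so the entry can be matched to the fix later. The trailer still reads Tue, 20 Jan 2009 although the distribution changes from UNRELEASED to unstable; refresh it for the upload.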
diff --git a/debian/patches/050_TKADV2009-004.diff b/debian/patches/050_TKADV2009-004.diff
new file mode 100644
index 0000000..a7de241
--- /dev/null
+++ b/debian/patches/050_TKADV2009-004.diff
@@ -0,0 +1,25 @@
+------------------------------------------------------------------------
+r16846 | michael | 2009-01-28 14:37:26 +0100 (Mi, 28. Jan 2009) | 4 lines
+
+Fix remotely exploitable arbitrary code execution vulnerability.
+Found by Tobias Klein / tk // trapkit / de /
+See: http://www.trapkit.de/advisories/TKADV2009-004.txt
+
+
+--- a/libavformat/4xm.c
++++ b/libavformat/4xm.c
+@@ -163,10 +163,12 @@ static int fourxm_read_header(AVFormatCo
+ return AVERROR_INVALIDDATA;
+ }
+ current_track = AV_RL32(&header[i + 8]);
++ if((unsigned)fourxm->track_count >= UINT_MAX / sizeof(AudioTrack) - 1) {
++ av_log(s, AV_LOG_ERROR, "current_track too large\n");
++ return -1;
++ }
+ if (current_track + 1 > fourxm->track_count) {
+ fourxm->track_count = current_track + 1;
+- if((unsigned)fourxm->track_count >= UINT_MAX / sizeof(AudioTrack))
+- return -1;
+ fourxm->tracks = av_realloc(fourxm->tracks,
+ fourxm->track_count * sizeof(AudioTrack));
+ if (!fourxm->tracks) {
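Review bot: The guard added above `if (current_track + 1 > fourxm->track_count)` tests fourxm->track_count, which at that point still holds its previous value, not the current_track just read with AV_RL32; the log text says "current_track too large" but current_track itself is never bounded. Because the old test after the assignment is removed, a large file-supplied current_track still reaches `fourxm->track_count = current_track + 1` and the `fourxm->track_count * sizeof(AudioTrack)` multiplication passed to av_realloc without a check. Suggest comparing `(unsigned)current_track` against `UINT_MAX / sizeof(AudioTrack) - 1` instead, so the value that drives the allocation size is the one being validated.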
diff --git a/debian/patches/series b/debian/patches/series
index a70aca6..a9736a2 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -7,6 +7,7 @@
015_reenable-img_convert.diff
020_fix_libswscale_pic_code
020_bug489965_bufferoverflow_str_demuxer.diff
+050_TKADV2009-004.diff
050_CVE-2008-4866.patch
050_CVE-2008-4866-2.patch
050_CVE-2008-3230.patch
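Review bot: The new entry is inserted ahead of the 050_CVE-* lines although its name sorts after them. Placing it after the existing 050_CVE-* entries would keep the series in name order and leave the already-shipped patches applying in the same sequence as before.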
--
FFmpeg packaging