[SCM] FFmpeg packaging branch, lenny, updated. e48a8d39b3eeb317aa2d29f6a476c03ff3adac48

siretart at users.alioth.debian.org siretart at users.alioth.debian.org
Thu Jan 29 08:38:50 UTC 2009


The following commit has been merged in the lenny branch:
commit e48a8d39b3eeb317aa2d29f6a476c03ff3adac48
Author: Reinhard Tartler <siretart at tauware.de>
Date:   Wed Jan 28 23:09:21 2009 +0100

    fix remotely exploitable security issue in libavformat/4xm.c. Sorry, no CVE for this yet

diff --git a/debian/changelog b/debian/changelog
index 9f220d9..d71b17d 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,6 +1,8 @@
-ffmpeg-debian (0.svn20080206-16) UNRELEASED; urgency=low
+ffmpeg-debian (0.svn20080206-16) unstable; urgency=low
 
   * bug fix: denial-of-service attack (CVE-2008-3230) Closes: #498764
+  * fix remotely exploitable security issue in libavformat/4xm.c.
+    Sorry, no CVE for this yet
 
  -- Reinhard Tartler <siretart at tauware.de>  Tue, 20 Jan 2009 00:51:19 +0100
 
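Review bot: The added changelog entry identifies the fix only by file name and "no CVE for this yet"; it should also name the advisory id the patch is filed under (TKADV2009-004, as in debian/patches/050_TKADV2009-004.diff) so the upload can be matched to the issue once a CVE is assigned. The same hunk switches the entry from UNRELEASED to unstable while the trailer line still reads Tue, 20 Jan 2009 00:51:19 +0100, so the timestamp should be refreshed when the entry is finalised.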
diff --git a/debian/patches/050_TKADV2009-004.diff b/debian/patches/050_TKADV2009-004.diff
new file mode 100644
index 0000000..a7de241
--- /dev/null
+++ b/debian/patches/050_TKADV2009-004.diff
@@ -0,0 +1,25 @@
+------------------------------------------------------------------------
+r16846 | michael | 2009-01-28 14:37:26 +0100 (Mi, 28. Jan 2009) | 4 lines
+
+Fix remotely exploitable arbitrary code execution vulnerability.
+Found by Tobias Klein / tk // trapkit / de /
+See: http://www.trapkit.de/advisories/TKADV2009-004.txt
+
+
+--- a/libavformat/4xm.c
++++ b/libavformat/4xm.c
+@@ -163,10 +163,12 @@ static int fourxm_read_header(AVFormatCo
+                 return AVERROR_INVALIDDATA;
+             }
+             current_track = AV_RL32(&header[i + 8]);
++            if((unsigned)fourxm->track_count >= UINT_MAX / sizeof(AudioTrack) - 1) {
++                av_log(s, AV_LOG_ERROR, "current_track too large\n");
++                return -1;
++	    }
+             if (current_track + 1 > fourxm->track_count) {
+                 fourxm->track_count = current_track + 1;
+-                if((unsigned)fourxm->track_count >= UINT_MAX / sizeof(AudioTrack))
+-                    return -1;
+                 fourxm->tracks = av_realloc(fourxm->tracks,
+                     fourxm->track_count * sizeof(AudioTrack));
+                 if (!fourxm->tracks) {
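Review bot: The new guard in the embedded 4xm.c hunk tests fourxm->track_count, not the current_track value just read with AV_RL32(&header[i + 8]), although its log message says "current_track too large". At that point track_count still holds the value from before this chunk, so the file-controlled current_track reaches the current_track + 1 comparison and the av_realloc size calculation without being bounded, and the old post-assignment check has been removed. The condition should test (unsigned)current_track against UINT_MAX / sizeof(AudioTrack) - 1. Two smaller points: the added closing brace is indented with a tab where the surrounding lines use spaces, and the neighbouring error path returns AVERROR_INVALIDDATA while this one returns -1.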
diff --git a/debian/patches/series b/debian/patches/series
index a70aca6..a9736a2 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -7,6 +7,7 @@
 015_reenable-img_convert.diff
 020_fix_libswscale_pic_code
 020_bug489965_bufferoverflow_str_demuxer.diff
+050_TKADV2009-004.diff
 050_CVE-2008-4866.patch
 050_CVE-2008-4866-2.patch
 050_CVE-2008-3230.patch
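Review bot: The new series entry is inserted ahead of the three existing 050_CVE-* patches, so it is applied before them even though it is the newest fix; appending it after 050_CVE-2008-3230.patch would keep the series in the order the fixes were added and leave the context of the older patches untouched. It also uses a .diff suffix and an advisory id where the neighbouring security patches use .patch and a CVE id, so plan to rename it once a CVE is assigned.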

-- 
FFmpeg packaging


