[FFmpeg-devel] fixed CVEs not on ffmpeg.org/security.html
Andreas Cadhalpun
andreas.cadhalpun at googlemail.com
Wed Mar 12 14:09:27 CET 2014
Hi,
I found some CVEs on the Debian ffmpeg security tracker [1], that are
not mentioned on ffmpeg.org/security.html.
I think all of them are fixed. Please confirm this and add the CVEs to
ffmpeg.org/security.html.
- CVE-2008-4610: fixed in Ubuntu ffmpeg 3:0.svn20080206-12ubuntu3.1
- CVE-2009-4639: fixed in Ubuntu ffmpeg 4:0.5+svn20090706-2ubuntu2.1
- CVE-2012-5150: commit ae3d41636942cbc0236bad21ad06c65f4eb0f096
- CVE-2012-5359, CVE-2012-5360, CVE-2012-5361: fixed in 0.11 [2]
- CVE-2013-0894: commit 2c16bf2de07c68513072bf3cc96401d2c6291a3e
- CVE-2014-2263: commit 842b6c14bcfc1c5da1a2d288fd65386eb8c158ad
Best regards,
Andreas
1: https://security-tracker.debian.org/tracker/source-package/ffmpeg
2: http://technet.microsoft.com/en-us/security/msvr/msvr12-017
More information about the ffmpeg-devel
mailing list