diff -u ffmpeg-0.cvs20070307/debian/patches/series ffmpeg-0.cvs20070307/debian/patches/series
--- ffmpeg-0.cvs20070307/debian/patches/series
+++ ffmpeg-0.cvs20070307/debian/patches/series
@@ -21,0 +22 @@
+20080716_CVE-2008-3162.diff
diff -u ffmpeg-0.cvs20070307/debian/changelog ffmpeg-0.cvs20070307/debian/changelog
--- ffmpeg-0.cvs20070307/debian/changelog
+++ ffmpeg-0.cvs20070307/debian/changelog
@@ -1,3 +1,22 @@
+ffmpeg (3:0.cvs20070307-5ubuntu4.1) gutsy-security; urgency=high
+
+ * SECURITY UPDATE: (LP: #248674)
+ + debian/patches/20080716_CVE-2008-3162.diff:
+ - Stack-based buffer overflow in the str_read_packet function in
+ libavformat/psxstr.c in FFmpeg before r13993 allows remote attackers
+ to cause a denial of service (application crash) or execute arbitrary
+ code via a crafted STR file that interleaves audio and video sectors.
+
+ + References:
+ - http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3162
+ - https://roundup.mplayerhq.hu/roundup/ffmpeg/issue311
+ - http://svn.mplayerhq.hu/ffmpeg?view=rev&revision=13993
+
+ * debian/control:
+ - updated maintainer field.
+
+ -- Emanuele Gentili Thu, 17 Jul 2008 20:47:37 +0200
+
 ffmpeg (3:0.cvs20070307-5ubuntu4) gutsy; urgency=low
 
 * make ffmpeg-config not add -ldts and -la52 to LDFLAGS. fixes FTBFS in
diff -u ffmpeg-0.cvs20070307/debian/control ffmpeg-0.cvs20070307/debian/control
--- ffmpeg-0.cvs20070307/debian/control
+++ ffmpeg-0.cvs20070307/debian/control
@@ -1,7 +1,8 @@
 Source: ffmpeg
 Section: libs
 Priority: optional
-Maintainer: Debian multimedia packages maintainers
+Maintainer: Ubuntu MOTU Developers
+XSBC-Original-Maintainer: Debian multimedia packages maintainers
 Uploaders: Sam Hocevar (Debian packages) , Loic Minier , Reinhard Tartler
 Build-Depends: debhelper (>= 4.0), quilt, libogg-dev, libvorbis-dev, zlib1g-dev, libsdl1.2-dev, libfreetype6-dev, libimlib2-dev, texi2html, libraw1394-dev [!kfreebsd-i386 !kfreebsd-amd64 !hurd-i386], libdc1394-13-dev [!kfreebsd-i386 !kfreebsd-amd64 !hurd-i386], libtheora-dev (>> 0.0.0.alpha4), libgsm1-dev
 Standards-Version: 3.7.2
only in patch2: unchanged:
--- ffmpeg-0.cvs20070307.orig/debian/patches/20080716_CVE-2008-3162.diff
+++ ffmpeg-0.cvs20070307/debian/patches/20080716_CVE-2008-3162.diff
@@ -0,0 +1,54 @@
+Index: ffmpeg-0.cvs20070307/libavformat/psxstr.c
+===================================================================
+--- ffmpeg-0.cvs20070307.orig/libavformat/psxstr.c 2008-07-17 20:42:08.000000000 +0200
++++ ffmpeg-0.cvs20070307/libavformat/psxstr.c 2008-07-17 20:45:24.000000000 +0200
+@@ -276,12 +276,23 @@
+ int current_sector = AV_RL16(§or[0x1C]);
+ int sector_count = AV_RL16(§or[0x1E]);
+ int frame_size = AV_RL32(§or[0x24]);
+- int bytes_to_copy;
++
++ if(!( frame_size>=0
++ && current_sector < sector_count
++ && sector_count*VIDEO_DATA_CHUNK_SIZE >=frame_size)){
++ av_log(s, AV_LOG_ERROR, "Invalid parameters %d %d %d\n", current_sector, sector_count, frame_size);
++ return AVERROR_INVALIDDATA;
++ }
++
+ // printf("%d %d %d\n",current_sector,sector_count,frame_size);
+ /* if this is the first sector of the frame, allocate a pkt */
+ pkt = &str->tmp_pkt;
+- if (current_sector == 0) {
+- if (av_new_packet(pkt, frame_size))
++
++ if(pkt->size != sector_count*VIDEO_DATA_CHUNK_SIZE){
++ if(pkt->data)
++ av_log(s, AV_LOG_ERROR, "missmatching sector_count\n");
++ av_free_packet(pkt);
++ if (av_new_packet(pkt, sector_count*VIDEO_DATA_CHUNK_SIZE))
+ return AVERROR_IO;
+ 
+ pkt->pos= url_ftell(pb) - RAW_CD_SECTOR_SIZE;
+@@ -295,15 +306,15 @@
+ str->pts += (90000 / 15);
+ }
+ 
+- /* load all the constituent chunks in the video packet */
+- bytes_to_copy = frame_size - current_sector*VIDEO_DATA_CHUNK_SIZE;
+- if (bytes_to_copy>0) {
+- if (bytes_to_copy>VIDEO_DATA_CHUNK_SIZE) bytes_to_copy=VIDEO_DATA_CHUNK_SIZE;
+- memcpy(pkt->data + current_sector*VIDEO_DATA_CHUNK_SIZE,
+- sector + VIDEO_DATA_HEADER_SIZE, bytes_to_copy);
+- }
++ memcpy(pkt->data + current_sector*VIDEO_DATA_CHUNK_SIZE,
++ sector + VIDEO_DATA_HEADER_SIZE,
++ VIDEO_DATA_CHUNK_SIZE);
++
+ if (current_sector == sector_count-1) {
++ pkt->size= frame_size;
+ *ret_pkt = *pkt;
++ pkt->data= NULL;
++ pkt->size= -1;
+ return 0;
+ }
+ 
only in patch2: unchanged:
--- ffmpeg-0.cvs20070307.orig/.pc/.version
+++ ffmpeg-0.cvs20070307/.pc/.version
@@ -0,0 +1 @@
+2
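Review bot: In the new allocation branch of the inner psxstr.c hunk (`if(pkt->size != sector_count*VIDEO_DATA_CHUNK_SIZE)`), the buffer obtained from `av_new_packet()` is filled one sector at a time by `current_sector` index and nothing records which sectors actually arrived, so a truncated or out-of-order stream hands the decoder a packet whose never-written regions hold whatever the allocator left there; if `av_new_packet()` does not zero its payload (not visible from this patch), add `memset(pkt->data, 0, pkt->size);` immediately after the allocation succeeds, or otherwise track and reject frames with missing sectors. The guard `frame_size>=0 && current_sector < sector_count && sector_count*VIDEO_DATA_CHUNK_SIZE >=frame_size` combined with the fixed-size allocation does keep every `memcpy` inside the packet, which is the CVE-2008-3162 fix proper. The new log string `"missmatching sector_count\n"` should read `"mismatching sector_count\n"`. `str_read_packet` begins before and continues after both inner hunks, so the initial state of `str->tmp_pkt` (the `pkt->size` seen before the first frame) cannot be checked here.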