Needed security upgrade for ffmpeg in lucid

Bug #738134 reported by Guiodic (Guido Iodice)
This bug affects 7 people
Affects            Status         Importance   Assigned to                 Milestone
Medibuntu          Fix Released   Undecided    Medibuntu Packaging Team
ffmpeg (Ubuntu)    Fix Released   Medium       Unassigned
Hardy              Fix Released   Medium       Unassigned
Karmic             Fix Released   Medium       Unassigned
Lucid              Fix Released   Medium       Unassigned
Maverick           Fix Released   Medium       Unassigned

Bug Description

Binary package hint: ffmpeg

Lucid brings ffmpeg 0.5.1, which is affected by several security flaws.

Please check: http://www.ffmpeg.org/releases/ffmpeg-0.5.4.changelog

One of these exploits surely works on Ubuntu: http://packetstorm.linuxsecurity.com/1103-exploits/vlc105-dos.txt

In fact:

ffplay Kedans.ape
FFplay version SVN-r0.5.1-4:0.5.1-1ubuntu1, Copyright (c) 2003-2009 Fabrice Bellard, et al.
  configuration: --extra-version=4:0.5.1-1ubuntu1 --prefix=/usr --enable-avfilter --enable-avfilter-lavf --enable-vdpau --enable-bzlib --enable-libgsm --enable-libschroedinger --enable-libspeex --enable-libtheora --enable-libvorbis --enable-pthreads --enable-zlib --disable-stripping --disable-vhook --enable-runtime-cpudetect --enable-gpl --enable-postproc --enable-swscale --enable-x11grab --enable-libdc1394 --enable-shared --disable-static
  libavutil 49.15. 0 / 49.15. 0
  libavcodec 52.20. 1 / 52.20. 1
  libavformat 52.31. 0 / 52.31. 0
  libavdevice 52. 1. 0 / 52. 1. 0
  libavfilter 0. 4. 0 / 0. 4. 0
  libswscale 0. 7. 1 / 0. 7. 1
  libpostproc 51. 2. 0 / 51. 2. 0
  built on Mar 4 2010 12:35:30, gcc: 4.4.3
Errore di virgola mobile

visibility: private → public
Changed in ffmpeg (Ubuntu):
status: New → Confirmed
importance: Undecided → Medium
Changed in ffmpeg (Ubuntu Hardy):
status: New → Confirmed
Changed in ffmpeg (Ubuntu Karmic):
status: New → Confirmed
Changed in ffmpeg (Ubuntu Lucid):
status: New → Confirmed
Changed in ffmpeg (Ubuntu Maverick):
status: New → Confirmed
Changed in ffmpeg (Ubuntu Hardy):
importance: Undecided → Medium
Changed in ffmpeg (Ubuntu Karmic):
importance: Undecided → Medium
Changed in ffmpeg (Ubuntu Maverick):
importance: Undecided → Medium
Changed in ffmpeg (Ubuntu Lucid):
importance: Undecided → Medium
Reinhard Tartler (siretart) wrote :

I'd suggest including the upstream point releases 0.5.4 and 0.6.2, as they are very focused point releases targeting only compilation problems and security issues.

If you find any issues such as missing security fixes or other problems, please let me know and I'm happy to handle this upstream.

Marc Deslauriers (mdeslaur) wrote :

Updates have been published for these issues.
USN-1104-1.

Changed in ffmpeg (Ubuntu Hardy):
status: Confirmed → Fix Released
Changed in ffmpeg (Ubuntu Lucid):
status: Confirmed → Fix Released
Changed in ffmpeg (Ubuntu Karmic):
status: Confirmed → Fix Released
Changed in ffmpeg (Ubuntu Maverick):
status: Confirmed → Fix Released
Changed in ffmpeg (Ubuntu):
status: Confirmed → Fix Released
Guiodic (Guido Iodice) (guido-iodice) wrote :

Thank you.

FFmpeg needs to be updated in Medibuntu too.

Tom rooze.sen (tomrooze-sen) wrote :

[URL=http://img155.imageshack.us/i/schermafdrukz.png/][IMG]http://img155.imageshack.us/img155/9823/schermafdrukz.th.png[/IMG][/URL]

Nothing to be done, I can't install them and I'm not the only one.
Seven more people on our forum are stuck with this.
Now I can't install WinFF anymore either, and part of VLC is missing now.
Not a nice situation.
Regards, Tom.

Tom rooze.sen (tomrooze-sen) wrote :

FFmpeg problem = OK.
Many thanks good job ... great.
Greetings Tom.

Changed in medibuntu:
assignee: nobody → Medibuntu Packaging Team (medibuntu-maintainers)
status: New → Confirmed
Gauvain Pocentek (gpocentek) wrote :

Updated packages have been published in the medibuntu -staging repos.

Changed in medibuntu:
status: Confirmed → Fix Committed
Guiodic (Guido Iodice) (guido-iodice) wrote :

@gauvain: can I have the deb line for the medibuntu -staging repos? I would like to test the updated packages.

Gauvain Pocentek (gpocentek) wrote :

Guido,

Just copy the current medibuntu deb line in /etc/apt/sources.list.d/medibuntu.list, but replace "lucid" with "lucid-staging".
Thanks for the test.

Guiodic (Guido Iodice) (guido-iodice) wrote :

@Gauvain: the upgrade works fine.

Changed in medibuntu:
status: Fix Committed → Fix Released
This report contains Public Security information  
Everyone can see this security related information.
