Needed security upgrade for ffmpeg in lucid
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Medibuntu |
Fix Released
|
Undecided
|
Medibuntu Packaging Team | ||
ffmpeg (Ubuntu) |
Fix Released
|
Medium
|
Unassigned | ||
Hardy |
Fix Released
|
Medium
|
Unassigned | ||
Karmic |
Fix Released
|
Medium
|
Unassigned | ||
Lucid |
Fix Released
|
Medium
|
Unassigned | ||
Maverick |
Fix Released
|
Medium
|
Unassigned |
Bug Description
Binary package hint: ffmpeg
Lucid brings ffmpeg 0.5.1 that is affected by several security flaws.
Please check: http://
One of this exploit works surely on ubuntu: http://
Infacts:
ffplay Kedans.ape
FFplay version SVN-r0.
configuration: --extra-
libavutil 49.15. 0 / 49.15. 0
libavcodec 52.20. 1 / 52.20. 1
libavformat 52.31. 0 / 52.31. 0
libavdevice 52. 1. 0 / 52. 1. 0
libavfilter 0. 4. 0 / 0. 4. 0
libswscale 0. 7. 1 / 0. 7. 1
libpostproc 51. 2. 0 / 51. 2. 0
built on Mar 4 2010 12:35:30, gcc: 4.4.3
Errore di virgola mobile
visibility: | private → public |
Changed in ffmpeg (Ubuntu): | |
status: | New → Confirmed |
importance: | Undecided → Medium |
Changed in ffmpeg (Ubuntu Hardy): | |
status: | New → Confirmed |
Changed in ffmpeg (Ubuntu Karmic): | |
status: | New → Confirmed |
Changed in ffmpeg (Ubuntu Lucid): | |
status: | New → Confirmed |
Changed in ffmpeg (Ubuntu Maverick): | |
status: | New → Confirmed |
Changed in ffmpeg (Ubuntu Hardy): | |
importance: | Undecided → Medium |
Changed in ffmpeg (Ubuntu Karmic): | |
importance: | Undecided → Medium |
Changed in ffmpeg (Ubuntu Maverick): | |
importance: | Undecided → Medium |
Changed in ffmpeg (Ubuntu Lucid): | |
importance: | Undecided → Medium |
Changed in medibuntu: | |
assignee: | nobody → Medibuntu Packaging Team (medibuntu-maintainers) |
status: | New → Confirmed |
Changed in medibuntu: | |
status: | Fix Committed → Fix Released |
I'd suggest to include the upstream point releases 0.5.4 and 0.6.2 as they are very focused point releases targeting only at compilation problems and security issues.
if you find any issues such as missing security fixes or other problems, please let me know and I'm happy to handle this upstream.