1
PublicDateAtUSN: 2010-02-09
2
Candidate: CVE-2009-4632
5
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4632
6
https://usn.ubuntu.com/usn/usn-931-1
8
oggparsevorbis.c in FFmpeg 0.5 does not properly perform certain pointer
9
arithmetic, which might allow remote attackers to obtain sensitive memory
10
contents and cause a denial of service via a crafted file that triggers an
14
mdeslaur> this is issue #18
15
mdeslaur> Can't reproduce on hardy, patch doesn't seem to apply
17
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=550442
19
Discovered-by: Will Dormann
22
Patches_ffmpeg-debian:
23
upstream_ffmpeg-debian: needed
24
dapper_ffmpeg-debian: DNE
25
hardy_ffmpeg-debian: DNE
26
intrepid_ffmpeg-debian: released (3:0.svn20080206-12ubuntu3.2)
27
jaunty_ffmpeg-debian: released (3:0.svn20090303-1ubuntu6.1)
28
karmic_ffmpeg-debian: DNE
29
lucid_ffmpeg-debian: DNE
30
maverick_ffmpeg-debian: DNE
31
devel_ffmpeg-debian: DNE
34
upstream_ffmpeg: needed
35
dapper_ffmpeg: ignored (reached end-of-life)
36
hardy_ffmpeg: not-affected (3:0.cvs20070307-5ubuntu7.4)
37
intrepid_ffmpeg: needed (reached end-of-life)
38
jaunty_ffmpeg: ignored (reached end-of-life)
39
karmic_ffmpeg: released (4:0.5+svn20090706-2ubuntu2.1)
40
lucid_ffmpeg: not-affected (4:0.5.1-1ubuntu1)
41
maverick_ffmpeg: not-affected (4:0.5.1-1ubuntu1)
42
devel_ffmpeg: not-affected (4:0.5.1-1ubuntu1)