CVE-2014-4610: Integer Overflow in FFmpeg LZO implementation

To: debian-lts@lists.debian.org
Subject: CVE-2014-4610: Integer Overflow in FFmpeg LZO implementation
From: Andreas Cadhalpun <andreas.cadhalpun@googlemail.com>
Date: Fri, 27 Jun 2014 19:30:11 +0200
Message-id: <[🔎] 53ADAA23.5050306@googlemail.com>

Hi,

I'd like to inform you that ffmpeg 0.5.10-1 in squeeze is vulnerable toCVE-2014-4610 [1].

The fix [2] should be easily backportable.

Best regards,
Andreas


1: http://seclists.org/oss-sec/2014/q2/668

2:https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=d6af26c55c1ea30f85a7d9edbc373f53be1743ee

Reply to:

Prev by Date: tiff for LTS
Next by Date: Bug#753122: PTS: Please add support for squeeze-lts
Previous by thread: tiff for LTS
Next by thread: Bug#753122: PTS: Please add support for squeeze-lts
Index(es):
- Date
- Thread