Your message dated Sat, 23 Nov 2019 15:30:31 +0100 with message-id <20191123143031.GA841423@ramacher.at> and subject line Re: Bug#932535: ffmpeg: CVE-2019-13390 has caused the Debian Bug report #932535, regarding ffmpeg: CVE-2019-13390 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.) -- 932535: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=932535 Debian Bug Tracking System Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: ffmpeg: CVE-2019-13390
- From: Salvatore Bonaccorso <carnil@debian.org>
- Date: Sat, 20 Jul 2019 14:05:11 +0200
- Message-id: <156362431111.20996.17297017888740700844.reportbug@eldamar.local>
Source: ffmpeg Version: 7:4.1.3-1 Severity: important Tags: security upstream Hi, The following vulnerability was published for ffmpeg, just filling a repsective 'tracking bug'. TTBOMK so far I have not seen a reference to fixed version/commits. CVE-2019-13390[0]: | In FFmpeg 4.1.3, there is a division by zero at adx_write_trailer in | libavformat/rawenc.c. This may be related to two NULL pointers passed | as arguments at libavcodec/frame_thread_encoder.c. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2019-13390 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13390 Please adjust the affected versions in the BTS as needed. Regards, Salvatore
--- End Message ---
--- Begin Message ---
- To: Salvatore Bonaccorso <carnil@debian.org>, 932535-done@bugs.debian.org
- Subject: Re: Bug#932535: ffmpeg: CVE-2019-13390
- From: Sebastian Ramacher <sramacher@debian.org>
- Date: Sat, 23 Nov 2019 15:30:31 +0100
- Message-id: <20191123143031.GA841423@ramacher.at>
- In-reply-to: <156362431111.20996.17297017888740700844.reportbug@eldamar.local>
- References: <156362431111.20996.17297017888740700844.reportbug@eldamar.local>
Version: 7:4.2.1-1 On 2019-07-20 14:05:11, Salvatore Bonaccorso wrote: > Source: ffmpeg > Version: 7:4.1.3-1 > Severity: important > Tags: security upstream > > Hi, > > The following vulnerability was published for ffmpeg, just filling a > repsective 'tracking bug'. TTBOMK so far I have not seen a reference > to fixed version/commits. > > CVE-2019-13390[0]: > | In FFmpeg 4.1.3, there is a division by zero at adx_write_trailer in > | libavformat/rawenc.c. This may be related to two NULL pointers passed > | as arguments at libavcodec/frame_thread_encoder.c. This CVE was fixed in 4.2.1. Cheers > > > If you fix the vulnerability please also make sure to include the > CVE (Common Vulnerabilities & Exposures) id in your changelog entry. > > For further information see: > > [0] https://security-tracker.debian.org/tracker/CVE-2019-13390 > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13390 > > Please adjust the affected versions in the BTS as needed. > > Regards, > Salvatore > -- Sebastian RamacherAttachment: signature.asc
Description: PGP signature
--- End Message ---