From owner-freebsd-ports@FreeBSD.ORG Thu Feb 12 22:28:33 2009
Message-ID: <49949F72.8040207@foster.cc>
Date: Thu, 12 Feb 2009 14:15:14 -0800
From: Mark Foster
To: ports@freebsd.org
Subject: ffmpeg vulnerability
List-Id: Porting software to FreeBSD

(Resending, I did not see it posted earlier)

ffmpeg has 3 announced vulnerabilities in this past month. Here is the latest...

09.6.23 CVE: Not Available
Platform: Cross Platform
Title: FFmpeg "libavformat/4xm.c" Remote Code Execution
Description: FFmpeg is an application used to record, convert, and stream audio and video. The application is exposed to a remote code execution issue because it fails to adequately validate user-supplied input. This issue occurs in the "libavformat/4xm.c" source file, and occurs because of a NULL pointer dereference error. FFmpeg trunk revision versions prior to 16846 are vulnerable.
Ref: http://www.trapkit.de/advisories/TKADV2009-004.txt

Normally I would submit a vuxml entry, but not sure how to indicate the proper "fixed" version since the port uses 2008.07.07_7 while the fixed version is revision 16846.

-- 
Realization #2031: That the "meaning of life" is now just another Google search.
Mark D. Foster
http://mark.foster.cc/ | http://conshell.net/