Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 389807 - <media-video/ffmpeg-0.7.7 Multiple Vulnerabilities
Summary: <media-video/ffmpeg-0.7.7 Multiple Vulnerabilities
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL: https://secunia.com/advisories/46736/
Whiteboard: B2 [glsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2011-11-07 12:39 UTC by Agostino Sarubbo
Modified: 2013-10-25 19:11 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Agostino Sarubbo gentoo-dev 2011-11-07 12:39:44 UTC
From secunia security advisory at $URL:

Description:
The vulnerabilities are caused due to various errors and can be exploited to e.g. cause out-of-bounds reads and writes, double-frees, and buffer overflows via e.g. specially crafted media content.

The vulnerabilities are reported in versions prior to 0.7.7 and 0.8.6.

Solution:
Update to versions 0.7.7
Comment 1 Alexis Ballier gentoo-dev 2011-11-07 13:21:20 UTC
added the ebuild ~1 hour ago :)
Comment 2 Agostino Sarubbo gentoo-dev 2011-11-07 13:38:11 UTC
Thanks Alexis.


Arches please test and mark stable:

=media-video/ffmpeg-0.7.7

Target KEYWORDS : "alpha amd64 arm hppa ia64 ppc ppc64 sparc x86"
Comment 3 Agostino Sarubbo gentoo-dev 2011-11-07 13:46:15 UTC
amd64 ok, there is still dodoc failure ( bug 373599 )
Comment 4 Richard Freeman gentoo-dev 2011-11-08 03:23:08 UTC
amd64 stable - thanks for testing
Comment 5 Jeff (JD) Horelick (RETIRED) gentoo-dev 2011-11-08 05:04:39 UTC
Archtested on x86: Everything fine
Comment 6 Jeroen Roovers (RETIRED) gentoo-dev 2011-11-08 22:40:19 UTC
Stable for HPPA.
Comment 7 Paweł Hajdan, Jr. (RETIRED) gentoo-dev 2011-11-09 13:53:07 UTC
x86 stable
Comment 8 Markus Meier gentoo-dev 2011-11-13 21:15:20 UTC
arm stable
Comment 9 Raúl Porcel (RETIRED) gentoo-dev 2011-11-19 17:44:39 UTC
alpha/ia64/sparc stable
Comment 10 Kacper Kowalik (Xarthisius) (RETIRED) gentoo-dev 2011-11-25 19:57:29 UTC
ppc/ppc64 stable, last arch done
Comment 11 Tim Sammut (RETIRED) gentoo-dev 2011-11-28 05:50:05 UTC
Thanks, everyone. Added to existing GLSA request.
Comment 12 Alexis Ballier gentoo-dev 2013-08-14 21:14:35 UTC
nothing left to do for media-video@
Comment 13 GLSAMaker/CVETool Bot gentoo-dev 2013-10-25 19:11:37 UTC
This issue was resolved and addressed in
 GLSA 201310-12 at http://security.gentoo.org/glsa/glsa-201310-12.xml
by GLSA coordinator Sean Amoss (ackle).