Summary: | <media-video/ffmpeg-0.5_p19928: "vmd_read_header()" Integer Overflow Vulnerability | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Alexis Ballier <aballier> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | ||
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://secunia.com/advisories/36760/ | ||
Whiteboard: | B2 [glsa] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 283953, 284695, 285414, 285612, 285896, 285898 | ||
Bug Blocks: |
Description
Alexis Ballier
2009-09-20 16:19:17 UTC
blender-2.48a fails to build against this version Should be all set up now. I'm done there. I'll let you handle the stable blockers with the respective maintainers. For arch teams testing, there is the test suite and there's also fate: http://fate.multimedia.cx/ If you want to run this at home, you can have a look at: http://fate.multimedia.cx/running.html And grab my hacked fateconfig.py: http://dev.gentoo.org/~aballier/fateconfig.py Compare the results with the expected ones on the first link. Note that some fate boxes are running Gentoo. That version of ffmpeg is not even in the tree, so nothing to stabilize. Should we make the decision about GLSA? Added to pending GLSA request. nothing left to do for media-video@ This issue was resolved and addressed in GLSA 201310-12 at http://security.gentoo.org/glsa/glsa-201310-12.xml by GLSA coordinator Sean Amoss (ackle). |