Summary: | <media-video/kino-1.3.4: LZO Denial of Service and Arbitrary Code Execution through embedded code | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Yury German <blueknight> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | media-video |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://seclists.org/oss-sec/2014/q2/676 | ||
Whiteboard: | C3 [noglsa] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | |||
Bug Blocks: | 515246 |
Description
Yury German
2014-06-27 01:13:24 UTC
=media-video/kino-1.3.4 contains vulnerable lzo through bundled ffmpeg however we are passing "--disable-local-ffmpeg" via configure (see https://gitweb.gentoo.org/repo/gentoo.git/tree/media-video/kino/kino-1.3.4.ebuild?id=69c57e4ba96a57f7f7ba7eff73127dc01bbaa4a9#n96) and using system's ffmpeg. So we are not affected. @ Security: please vote/process with the bug. GLSA Vote: No |