FFmpeg reports 0.7.8 and 0.8.7 fix multiple security bugs at $URL. Secunia advisory states: "Some vulnerabilities have been reported in FFmpeg, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise an application using the library. 1) An error within the QDM2 decoder (libavcodec/qdm2.c) can be exploited to cause a buffer overflow. 2) An integer overflow error within the "vp3_dequant()" function (libavcodec/vp3.c) can be exploited to cause a buffer overflow. 3) Errors within the "av_image_fill_pointers()", the "vp5_parse_coeff()", and the "vp6_parse_coeff()" functions can be exploited to trigger out-of-bounds reads. The vulnerabilities are reported in versions prior to 0.7.8 and 0.8.7."
0.7.8 is in the tree now
Thanks. Is =media-video/ffmpeg-0.7.8 ready for stabilization?
(In reply to comment #2) > Thanks. Is =media-video/ffmpeg-0.7.8 ready for stabilization? Yes, as usually =) Arches, please test and mark stable: =media-video/ffmpeg-0.7.8 Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 sparc x86"
amd64 ok @aballier, I guess that x11-libs/libXfixes is missing as RDEP.
amd64: pass
+ 28 Nov 2011; Tony Vroon <chainsaw@gentoo.org> ffmpeg-0.7.8.ebuild: + Marked stable on AMD64 based on arch testing by Agostino "ago" Sarubbo & + Elijah "Armageddon" El Lazkani in security bug #391421.
Stable for HPPA.
x86 stable
alpha/arm/ia64/sh/sparc stable
ppc/ppc64 done
Thanks folks. Added to existing GLSA request.
CVE-2011-4353 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4353): The (1) av_image_fill_pointers, (2) vp5_parse_coeff, and (3) vp6_parse_coeff functions in FFmpeg 0.5.x before 0.5.7, 0.6.x before 0.6.4, 0.7.x before 0.7.9, and 0.8.x before 0.8.8; and in Libav 0.5.x before 0.5.6, 0.6.x before 0.6.4, and 0.7.x before 0.7.3 allow remote attackers to cause a denial of service (out-of-bounds read) via a crafted VP5 or VP6 stream. CVE-2011-4352 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4352): Integer overflow in the vp3_dequant function in the VP3 decoder (vp3.c) in libavcodec in FFmpeg 0.5.x before 0.5.7, 0.6.x before 0.6.4, 0.7.x before 0.7.9, and 0.8.x before 0.8.8; and in Libav 0.5.x before 0.5.6, 0.6.x before 0.6.4, and 0.7.x before 0.7.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted VP3 stream, which triggers a buffer overflow.
nothing left to do for media-video@
This issue was resolved and addressed in GLSA 201310-12 at http://security.gentoo.org/glsa/glsa-201310-12.xml by GLSA coordinator Sean Amoss (ackle).