Description: "FFmpeg 4.2.3 has a use-after-free via a crafted EXTINF duration in an m3u8 file because parse_playlist in libavformat/hls.c frees a pointer, and later that pointer is accessed in av_probe_input_format3 in /libavformat/format.c." Patch: https://patchwork.ffmpeg.org/project/ffmpeg/patch/20200529033905.41926-1-lq@chinaffmpeg.org/
* CVE-2020-14212 Description: "FFmpeg through 4.3 has a heap-based buffer overflow in avio_get_str in libavformat/aviobuf.c because dnn_backend_native.c calls ff_dnn_load_model_native and a certain index check is omitted." Bug: https://trac.ffmpeg.org/ticket/8716
We'll stabilise this shortly if no objections?
arm64 stable
arm stable
ppc64 stable
ppc stable
x86 stable
amd64 stable
sparc stable. Please cleanup.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5aad0c4b02393043056f044fa39114bc1aa595ae commit 5aad0c4b02393043056f044fa39114bc1aa595ae Author: John Helmert III <jchelmert3@posteo.net> AuthorDate: 2020-07-23 21:06:52 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2020-07-27 16:40:18 +0000 media-video/ffmpeg: security cleanup (drop <4.2.4) Bug: https://bugs.gentoo.org/711144 Bug: https://bugs.gentoo.org/718012 Bug: https://bugs.gentoo.org/719940 Bug: https://bugs.gentoo.org/727450 Package-Manager: Portage-3.0.0, Repoman-2.3.23 Signed-off-by: John Helmert III <jchelmert3@posteo.net> Signed-off-by: Sam James <sam@gentoo.org> media-video/ffmpeg/Manifest | 2 - media-video/ffmpeg/ffmpeg-3.4.6-r1.ebuild | 490 ------------------ media-video/ffmpeg/ffmpeg-4.2.3.ebuild | 556 --------------------- media-video/ffmpeg/files/chromium.patch | 36 -- ...mpeg-3.4.6-fix-building-against-fdk-aac-2.patch | 74 --- media-video/ffmpeg/metadata.xml | 1 - 6 files changed, 1159 deletions(-)
GLSA vote: yes, with bug 718012.
This issue was resolved and addressed in GLSA 202007-58 at https://security.gentoo.org/glsa/202007-58 by GLSA coordinator Sam James (sam_c).