From the advisory: FFmpeg contains a type conversion vulnerability while parsing malformed 4X movie files. The vulnerability may be exploited by a (remote) attacker to execute arbitrary code in the context of FFmpeg or an application using the FFmpeg library. Upstream has fixed this in svn r16846; I haven't found a release yet.
media-video, do you pull updates from trunk and can provide an ebuild? Or do we wait for the ffmpeg folks for a release?
(In reply to comment #1)
> media-video, do you pull updates from trunk and can provide an ebuild? Or do we
> wait for the ffmpeg folks for a release?

A release is expected around the end of February; I'll make a new snapshot.
rev 16916, aka 0.4.9_p20090201 is in the tree; don't forget all the packages bundling ffmpeg too
Thanks for the quick response.

Target keywords for:
media-video/ffmpeg-0.4.9_p20090201
alpha, amd64, arm, hppa, ia64, ppc, ppc64, sparc, x86, ~x86-fbsd

Please do, we have 10 days maximum for a GLSA, so a little testing on this complex piece would not hurt.
Stable on alpha.
# ChangeLog for media-video/ffmpeg
# Copyright 1999-2009 Gentoo Foundation; Distributed under the GPL v2
# $Header: /var/cvsroot/gentoo-x86/media-video/ffmpeg/ChangeLog,v 1.264 2009/02/01 16:23:10 aballier Exp $

*ffmpeg-0.4.9_p20090201 (01 Feb 2009)

  01 Feb 2009; Alexis Ballier <aballier@gentoo.org>
  +ffmpeg-0.4.9_p20090201.ebuild:
  new snapshot, bug #257217
Stable on alpha. Again (that's what you get for being quick).
ppc64 done
amd64 stable
x86 stable
Stable for HPPA.
ia64/sparc stable
ppc stable
GLSA 200903-33