+++ This bug was initially created as a clone of Bug #257217 +++
From the advisory: FFmpeg contains a type conversion vulnerability while parsing malformed 4X movie files. The vulnerability may be exploited by a (remote) attacker to execute arbitrary code in the context of FFmpeg or an application using the FFmpeg library.
Upstream has fixed this in svn r16846; I haven't found a release yet.
git master gst-ffmpeg is already depending on a much more recent ffmpeg revision. gst-ffmpeg-0.10.7 (which is going to be released within the next 2-3 weeks) will have the fix.
Gstreamer/Gnome, we'd like a shorter timeframe for fixing this issue within the gstreamer package. Would it be possible to bump the ffmpeg branch or apply the patch onto an existing release?
The gst-ffmpeg in the tree uses the media-libs/ffmpeg package, not the internal copy... so this bug is INVALID.