Description: "FFmpeg through 4.2 has a "Conditional jump or move depends on uninitialised value" issue in h2645_parse because alloc_rbsp_buffer in libavcodec/h2645_parse.c mishandles rbsp_buffer." Bug: https://trac.ffmpeg.org/ticket/8093
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5aad0c4b02393043056f044fa39114bc1aa595ae commit 5aad0c4b02393043056f044fa39114bc1aa595ae Author: John Helmert III <jchelmert3@posteo.net> AuthorDate: 2020-07-23 21:06:52 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2020-07-27 16:40:18 +0000 media-video/ffmpeg: security cleanup (drop <4.2.4) Bug: https://bugs.gentoo.org/711144 Bug: https://bugs.gentoo.org/718012 Bug: https://bugs.gentoo.org/719940 Bug: https://bugs.gentoo.org/727450 Package-Manager: Portage-3.0.0, Repoman-2.3.23 Signed-off-by: John Helmert III <jchelmert3@posteo.net> Signed-off-by: Sam James <sam@gentoo.org> media-video/ffmpeg/Manifest | 2 - media-video/ffmpeg/ffmpeg-3.4.6-r1.ebuild | 490 ------------------ media-video/ffmpeg/ffmpeg-4.2.3.ebuild | 556 --------------------- media-video/ffmpeg/files/chromium.patch | 36 -- ...mpeg-3.4.6-fix-building-against-fdk-aac-2.patch | 74 --- media-video/ffmpeg/metadata.xml | 1 - 6 files changed, 1159 deletions(-)
This issue was resolved and addressed in GLSA 202007-58 at https://security.gentoo.org/glsa/202007-58 by GLSA coordinator Sam James (sam_c).
