|Summary:||media-video/ffmpeg: libavcodec boundary error (CVE-2005-4048)|
|Product:||Gentoo Security||Reporter:||Thierry Carrez (RETIRED) <koon>|
|Component:||Vulnerabilities||Assignee:||Gentoo Security <security>|
|Severity:||normal||CC:||alfredh, as.gentoo, bbell, grobian, media-video, net-p2p|
|Whiteboard:||B2 [glsa] DerCorny|
Description Thierry Carrez (RETIRED) 2005-12-20 08:13:14 UTC
See bug 115760 for details. ffmpeg-0.4.9_p20051216 has been committed to fix it.
Comment 1 Thierry Carrez (RETIRED) 2005-12-20 08:17:47 UTC
Arches should put in ~ and test it (carefully) for stable inclusion. Report any problem to the media-video team. Final target KEYWORDS="alpha amd64 arm hppa ia64 ~mips ppc ~ppc-macos ppc64 sparc x86"
Comment 2 Diego Elio Pettenò (RETIRED) 2005-12-20 08:39:09 UTC
Stable vlc does not work with that version, might require to stable a newer version, too. I would target 0.8.4-r0 as that does not have hal support, both -r1 and 0.8.4a require HAL 0.5.
Comment 3 Gustavo Zacarias (RETIRED) 2005-12-20 10:50:56 UTC
~sparc'ed, already tested with xine-lib-1.1.1-r3 and other stuff. xine-lib-1.1.1-r3 will need to go stable with this, xvid-1.0.3 too right?
Comment 4 Mark Loeser (RETIRED) 2005-12-20 21:58:48 UTC
Added ~x86. xine-lib-1.1.1-r3, xvid-1.0.3, and vlc-0.8.4 all look good.
Comment 5 Markus Rothe (RETIRED) 2005-12-20 22:20:30 UTC
ffmpeg-0.4.9_p20051216 looks good on PPC64. added ~ppc64. xvid-1.0.3: stable on ppc64. xine-lib-1.1.1-r3: was already ~ppc64.
Comment 6 Ilya Eremin 2005-12-21 15:23:24 UTC
Fails to compile with mmx flags for me, using gcc 4 though
i386/h264dsp_mmx.c: In function 'h264_h_loop_filter_luma_mmx2':
i386/dsputil_mmx.c:621: error: can't find a register in class 'GENERAL_REGS' while reloading 'asm'
i386/dsputil_mmx.c:621: error: can't find a register in class 'GENERAL_REGS' while reloading 'asm'
Comment 7 Michael Hanselmann (hansmi) (RETIRED) 2005-12-22 12:04:05 UTC
Works on ppc.
Comment 8 Mark Loeser (RETIRED) 2005-12-23 18:08:13 UTC
(In reply to comment #6)
> Fails to compile with mmx flags for me, using gcc 4 though
> i386/h264dsp_mmx.c: In function 'h264_h_loop_filter_luma_mmx2':
> i386/dsputil_mmx.c:621: error: can't find a register in class 'GENERAL_REGS'
> while reloading 'asm'
> i386/dsputil_mmx.c:621: error: can't find a register in class 'GENERAL_REGS'
> while reloading 'asm'
This is bug #104966
Comment 9 René Nussbaumer (RETIRED) 2005-12-24 08:22:53 UTC
Looks good on hppa
Comment 10 Thierry Carrez (RETIRED) 2005-12-30 05:00:14 UTC
If it didn't break anything in ~ (yet), please consider the last version for stable inclusion.
Comment 11 Gustavo Zacarias (RETIRED) 2005-12-30 07:31:14 UTC
sparc is happy, sparc is sexy, sparc is stable.
Comment 12 Mark Loeser (RETIRED) 2005-12-30 16:06:36 UTC
ffmpeg-0.4.9_p20051216, xvid-1.0.3, and xine-lib-1.1.1-r3 stable on x86. Should we be marking vlc too? No one else has yet. Let us know and please remove us if not.
Comment 13 Mark Loeser (RETIRED) 2005-12-30 18:09:48 UTC
Current vlc depends on an older ffmpeg, so we should target vlc-0.8.2 to stabilize. Adding net-p2p to make sure media-libs/libopendaap-0.3.0 is ready to go stable. Also adding back the other archs that are missing this.
Comment 14 Markus Rothe (RETIRED) 2005-12-31 04:46:17 UTC
stable on ppc64
Comment 15 Diego Elio Pettenò (RETIRED) 2005-12-31 13:53:36 UTC
*** Bug 117295 has been marked as a duplicate of this bug. ***
Comment 16 Diego Elio Pettenò (RETIRED) 2005-12-31 13:54:27 UTC
transcode 0.6.14-r3 needs to go stable where latest ffmpeg is marked stable, too.
Comment 17 Simon Stelling (RETIRED) 2006-01-01 04:14:16 UTC
ffmpeg-0.4.9_p20051216
transcode-0.6.14-r3
xine-lib-1.1.1-r3
marked stable on amd64
xvid-1.0.3 was already stable
Comment 18 Diego Elio Pettenò (RETIRED) 2006-01-01 10:32:16 UTC
*** Bug 117360 has been marked as a duplicate of this bug. ***
Comment 19 Diego Elio Pettenò (RETIRED) 2006-01-01 15:47:48 UTC
*** Bug 108884 has been marked as a duplicate of this bug. ***
Comment 20 Mark Loeser (RETIRED) 2006-01-01 21:18:13 UTC
transcode-0.6.14-r3
libopendaap-0.4.0
vlc-0.8.2-r2
all marked stable. Let us know if anything else is missing.
Comment 21 Attila Stehr 2006-01-02 04:51:12 UTC
Does #20 respectively this bug only refer to x86? If not,
libopendaap-0.4.0 NOT marked stable for AMD64
vlc-0.8.2-r2 NOT marked stable for AMD64
Comment 22 Petteri Räty (RETIRED) 2006-01-02 04:57:00 UTC
(In reply to comment #21)
> Does #20 respectively this bug only refer to x86? If not,
Comment #20 is for x86 only I think.
Comment 23 Gustavo Zacarias (RETIRED) 2006-01-02 07:36:42 UTC
vlc-0.8.4 sparc stable, 0.8.2 seems to have some colorspace issues. we don't have transcode stable so ignoring.
Comment 24 Tobias Scherbaum (RETIRED) 2006-01-02 10:00:38 UTC
ffmpeg-0.4.9_p20051216
transcode-0.6.14-r3
xine-lib-1.1.1-r3
xvid-1.0.3
all marked ppc stable
Comment 25 Fabian Groffen 2006-01-02 12:32:50 UTC
Comment 26 Thierry Carrez (RETIRED) 2006-01-03 01:05:18 UTC
Yes, amd64 might need to mark newer vlc and libopendaap stable, readding them to make sure.
Comment 27 Simon Stelling (RETIRED) 2006-01-04 10:51:12 UTC
must have missed those.. vlc and libopendaap marked stable on amd64 too
Comment 28 Simon Stelling (RETIRED) 2006-01-04 10:52:53 UTC
*sigh* this is not my day... sorry for the bugspam
Comment 29 Thierry Carrez (RETIRED) 2006-01-09 02:07:06 UTC
GLSA ready, waiting on alpha stable marking.
Comment 30 Bryan Østergaard (RETIRED) 2006-01-09 14:55:25 UTC
Comment 31 Stefan Cornelius (RETIRED) 2006-01-09 14:59:03 UTC
ready for glsa
Comment 32 Stefan Cornelius (RETIRED) 2006-01-10 21:37:54 UTC
GLSA 200601-06
Thanks everybody.