| Summary: | media-libs/xvid <1.1.3 Avi/H263/MPEG array index vulnerability (CVE-2007-3329) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Matt Drew (RETIRED) <aetius> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | normal | CC: | dcecchin, gentoo, media-video, mr_bones_ |
| Priority: | High | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | http://secunia.com/advisories/25711/ | | |
| Whiteboard: | A2 [glsa+] aetius | | |
| Package list: | | Runtime testing required: | --- |

Description
Matt Drew (RETIRED)
2007-06-25 13:52:26 UTC
setting status.

head is patched: http://cvs.xvid.org/cvs/viewvc.cgi/xvidcore/src/bitstream/mbcoding.c

xvid-1.1.3 was released today w/this fix

*** Bug 183786 has been marked as a duplicate of this bug. ***

Bumped but temp. masked for testing. Security, don't do anything yet..

Applications in tree using xvid:

media-tv/xdtv:xvid
media-video/avidemux:xvid
media-video/ffmpeg:xvid
media-video/gpac:xvid
media-video/mpeg4ip:xvid
media-video/mplayer:xvid
media-video/transcode:xvid

Reporting back here when it's tested and unmasked.

Text relocation from bug 135326 is still present at version 1.1.3 which is now unmasked, it's NOT a regression to current stable 1.1.0-r3. I've tested mplayer and ffmpeg with multiple video files and they are fine. Proceed and let arch teams test[1] and stable it.

[1] Would be nice to have input from arch testers about other applications listed in this bug.

ok moving to stable.

Arches, please stabilize: media-libs/xvid-1.1.3

Sorry about the delay.

sparc stable.

Stable for HPPA.

ppc64 stable

alpha/x86 stable

amd64 stable

ia64 stable, thanks drac for fixing this :)

ppc stable

arm folks, any progress? I'm going ahead with the glsa-request on this, since we're already late.

arm is not security supported, and the glsa has already been drafted by Dercorny, you may review it, and others drafts too actually :)

xvid-1.0.2.ebuild:KEYWORDS="~mips"
xvid-1.0.3.ebuild:KEYWORDS="alpha amd64 arm hppa ia64 ppc ppc64 sparc x86"
xvid-1.1.0-r1.ebuild:KEYWORDS="alpha amd64 ~arm hppa ~ia64 ppc ppc64 sparc x86 ~x86-fbsd"
xvid-1.1.0-r3.ebuild:KEYWORDS="alpha amd64 arm ~hppa ia64 ~ppc ppc64 sparc x86 ~x86-fbsd"
xvid-1.1.3.ebuild:KEYWORDS="alpha amd64 arm hppa ia64 ppc ppc64 sparc x86 ~x86-fbsd"

Looks done to me except for ~mips at xvid-1.0.2

GLSA 200708-02, thanks everybody.