Bug 285719

Summary: <media-video/ffmpeg-0.5_p19928: "vmd_read_header()" Integer Overflow Vulnerability
Product: Gentoo Security Reporter: Alexis Ballier <aballier>
Component: Vulnerabilities Assignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: normal    
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://secunia.com/advisories/36760/
Whiteboard: B2 [glsa]
Package list:
Runtime testing required: ---
Bug Depends on: 283953, 284695, 285414, 285612, 285896, 285898    
Bug Blocks:    

Description Alexis Ballier gentoo-dev 2009-09-20 16:19:17 UTC
See $URL.
I've just pushed a newer snapshot because there weren't annoying changes since the last one.
Please investigate if we need to stabilize it. In that case, we'll need to make a couple of packages go with it at the same time and check the reverse dependencies.
Comment 1 Alexis Ballier gentoo-dev 2009-09-22 04:51:13 UTC
blender-2.48a fails to build against this version
Comment 2 Alexis Ballier gentoo-dev 2009-09-22 06:59:35 UTC
Should be all set up now. I'm done there. I'll let you handle the stable blockers with the respective maintainers.

For arch teams testing, there is the test suite and there's also fate: http://fate.multimedia.cx/
If you want to run this at home, you can have a look at:
http://fate.multimedia.cx/running.html
And grab my hacked fateconfig.py: http://dev.gentoo.org/~aballier/fateconfig.py

Compare the results with the expected ones on the first link. Note that some fate boxes are running Gentoo.
Comment 3 Paweł Hajdan, Jr. (RETIRED) gentoo-dev 2011-01-10 11:54:10 UTC
That version of ffmpeg is not even in the tree, so nothing to stabilize. Should we make the decision about GLSA?
Comment 4 Stefan Behte (RETIRED) gentoo-dev Security 2011-10-08 22:25:24 UTC
Added to pending GLSA request.
Comment 5 Alexis Ballier gentoo-dev 2013-08-14 21:11:51 UTC
nothing left to do for media-video@
Comment 6 GLSAMaker/CVETool Bot gentoo-dev 2013-10-25 19:10:50 UTC
This issue was resolved and addressed in
 GLSA 201310-12 at http://security.gentoo.org/glsa/glsa-201310-12.xml
by GLSA coordinator Sean Amoss (ackle).