Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 389807

Summary: <media-video/ffmpeg-0.7.7 Multiple Vulnerabilities
Product: Gentoo Security Reporter: Agostino Sarubbo <ago>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: normal    
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://secunia.com/advisories/46736/
Whiteboard: B2 [glsa]
Package list:
Runtime testing required: ---

Description Agostino Sarubbo gentoo-dev 2011-11-07 12:39:44 UTC 
From secunia security advisory at $URL:

Description:
The vulnerabilities are caused due to various errors and can be exploited to e.g. cause out-of-bounds reads and writes, double-frees, and buffer overflows via e.g. specially crafted media content.

The vulnerabilities are reported in versions prior to 0.7.7 and 0.8.6.

Solution:
Update to versions 0.7.7
Comment 1 Alexis Ballier gentoo-dev 2011-11-07 13:21:20 UTC 
added the ebuild ~1 hour ago :)
Comment 2 Agostino Sarubbo gentoo-dev 2011-11-07 13:38:11 UTC 
Thanks Alexis.


Arches please test and mark stable:

=media-video/ffmpeg-0.7.7

Target KEYWORDS : "alpha amd64 arm hppa ia64 ppc ppc64 sparc x86"
Comment 3 Agostino Sarubbo gentoo-dev 2011-11-07 13:46:15 UTC 
amd64 ok, there is still dodoc failure ( bug 373599 )
Comment 4 Richard Freeman gentoo-dev 2011-11-08 03:23:08 UTC 
amd64 stable - thanks for testing
Comment 5 Jeff (JD) Horelick (RETIRED) gentoo-dev 2011-11-08 05:04:39 UTC 
Archtested on x86: Everything fine
Comment 6 Jeroen Roovers (RETIRED) gentoo-dev 2011-11-08 22:40:19 UTC 
Stable for HPPA.
Comment 7 Paweł Hajdan, Jr. (RETIRED) gentoo-dev 2011-11-09 13:53:07 UTC 
x86 stable
Comment 8 Markus Meier gentoo-dev 2011-11-13 21:15:20 UTC 
arm stable
Comment 9 Raúl Porcel (RETIRED) gentoo-dev 2011-11-19 17:44:39 UTC 
alpha/ia64/sparc stable
Comment 10 Kacper Kowalik (Xarthisius) (RETIRED) gentoo-dev 2011-11-25 19:57:29 UTC 
ppc/ppc64 stable, last arch done
Comment 11 Tim Sammut (RETIRED) gentoo-dev 2011-11-28 05:50:05 UTC 
Thanks, everyone. Added to existing GLSA request.
Comment 12 Alexis Ballier gentoo-dev 2013-08-14 21:14:35 UTC 
nothing left to do for media-video@
Comment 13 GLSAMaker/CVETool Bot gentoo-dev 2013-10-25 19:11:37 UTC 
This issue was resolved and addressed in
 GLSA 201310-12 at http://security.gentoo.org/glsa/glsa-201310-12.xml
by GLSA coordinator Sean Amoss (ackle).