Summary: | <media-video/ffmpeg-0.10.3: Multiple vulnerabilities (CVE-2012-{0947,2771,2773,2778,2780,2781,2805}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Alexis Ballier <aballier> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | security |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | B2 [glsa] | ||
Package list: | Runtime testing required: | --- |
Description
Alexis Ballier
2012-06-08 18:59:26 UTC
btw:

diff -u ffmpeg-0.10.2/Changelog ffmpeg-0.10.3/Changelog --- ffmpeg-0.10.2/Changelog 2012-03-16 21:45:47.000000000 -0300 +++ ffmpeg-0.10.3/Changelog 2012-05-05 19:51:35.000000000 -0400 @@ -3,6 +3,25 @@ version next: + +version 0.10.3: + +- Security fixes in the 4xm demuxer, avi demuxer, cook decoder, + mm demuxer, mpegvideo decoder, vqavideo decoder (CVE-2012-0947) and + xmv demuxer. + +- Several bugs and crashes have been fixed in the following codecs: AAC, + APE, H.263, H.264, Indeo 4, Mimic, MJPEG, Motion Pixels Video, RAW, + TTA, VC1, VQA, WMA Voice, vqavideo. + +- Several bugs and crashes have been fixed in the following formats: + ASF, ID3v2, MOV, xWMA + +- This release additionally updates the following codecs to the + bytestream2 API, and therefore benefit from additional overflow + checks: truemotion2, utvideo, vqavideo + +

the first item might interest security team

(In reply to comment #1)
> the first item might interest security team

Thanks, Alexis. http://ffmpeg.org/security.html lists these CVEs as fixed in 0.10.3: CVE-2012-0947, CVE-2012-2771, CVE-2012-2773, CVE-2012-2778, CVE-2012-2780, CVE-2012-2781, CVE-2012-2805

amd64 stable

x86 stable, thanks

Stable for HPPA.

arm stable

alpha/ia64/sparc stable

ppc stable

ppc64 stable, last arch done

Thanks, everyone. Adding to existing GLSA draft.

nothing left to do for media-video@

This issue was resolved and addressed in GLSA 201310-12 at http://security.gentoo.org/glsa/glsa-201310-12.xml by GLSA coordinator Sean Amoss (ackle).
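
Review bot: the first added item of the 0.10.3 Changelog entry attaches a CVE identifier only to the vqavideo decoder (CVE-2012-0947), so the 4xm, avi, cook, mm, mpegvideo and xmv fixes named in the same sentence carry no identifier. Listing the identifier next to each fix that has one assigned would let downstream trackers match this entry against advisories without consulting a separate page. The last added item also reads "updates the following codecs ... and therefore benefit", where the subject of "benefit" is unclear; "which therefore benefit" would tie it to the codecs.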