Summary: | <media-video/ffmpeg-1.0.7: Multiple Vulnerabilities | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | media-video |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://secunia.com/advisories/53766/ | ||
Whiteboard: | A3 [glsa] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 473302 | ||
Bug Blocks: |
Description
Agostino Sarubbo
2013-06-19 09:43:47 UTC
(In reply to Agostino Sarubbo from comment #0)

the jpeg2000 and smvjpeg native decoders were never released and are currently only in ffmpeg master, hence a non-issue for us.

> 4) An error within the "tiff_unpack_strip()" function
> (libavcodec/tiff.c) can be exploited to cause an out of bounds memory
> access.

http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=9c2216976907336dfae0e8e38a4d70ca2465a92c

this is only libav people catching up and causing confusion by not giving proper credits:
http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=fefc65675eb5def2a34787cffea53c88e956cca1

this is fixed since a long time in the 1.0 branch (and hence 1.0.7)

Need sparc stabilized to drop 1.0.6, sparc team: please stable media-video/ffmpeg-1.0.7. Also, is ffmpeg-0.10.7.ebuild affected by this? If so, please also CC alpha for keyword & stable.

(In reply to Chris Reffett from comment #2)

yes and this is handled in bug #473302

...

Adding to existing GLSA draft.

This issue was resolved and addressed in GLSA 201310-12 at http://security.gentoo.org/glsa/glsa-201310-12.xml by GLSA coordinator Sean Amoss (ackle).