| Summary: | <media-video/libav-9.14: Vulnerability in LZO (CVE-2014-4609) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Kristian Fiskerstrand (RETIRED) <k_f> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | minor | CC: | admwiggin, media-video, pacho |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | http://seclists.org/oss-sec/2014/q2/667 | | |
| Whiteboard: | B3 [glsa] | | |
| Package list: | | Runtime testing required: | --- |
| Bug Depends on: | 516208 | | |
| Bug Blocks: | 515246, 516206 | | |

Description
Kristian Fiskerstrand (RETIRED)
2014-06-26 20:42:52 UTC
We are happy to update three release branches: Today, we provide you with Libav 10.2, Libav 9.14, and Libav 0.8.13, which address a number of critical functional and security issues that we have been made aware of. In particular, these releases address the recently discovered LZO issue.

Arches please test and mark stable:
=media-video/libav-9.14
target keywords :"alpha amd64 arm hppa ia64 ppc ppc64 sparc x86"

(In reply to Agostino Sarubbo from comment #2)
> Arches please test and mark stable:
> =media-video/libav-9.14
> target keywords :"alpha amd64 arm hppa ia64 ppc ppc64 sparc x86"

and =virtual/ffmpeg-9 where is required.

With the blockers gone, please proceed with stabilization, same as comment #3

amd64 stable as part of the stabilization of gnome 3.12 in bug #512012

x86 stable as part of the stabilization of gnome 3.12 in bug #512012

ppc stable as part of the stabilization of gnome 3.12 in bug #512012

Actual stabilization list for Alpha:
dev-libs/openssl-1.0.1h-r2
media-libs/libdc1394-2.2.1
media-libs/libmodplug-0.8.8.4-r1
media-libs/libsamplerate-0.1.8-r1
media-libs/speex-1.2_rc1-r2
media-libs/vo-aacenc-0.1.3
media-libs/x264-0.0.20130506
media-libs/xvid-1.3.2-r1
media-sound/gsm-1.0.13-r1
media-sound/jack-audio-connection-kit-0.121.3-r1
media-sound/lame-3.99.5-r1
media-sound/twolame-0.3.13-r1
media-video/libav-9.14

arm stable

Stable for HPPA.

ppc64 stable

ia64 stable

sparc stable.

Maintainer(s), please cleanup.
Security, please vote.

Arches, Thank you for your work
Maintainer(s), please drop the vulnerable version.

GLSA Vote: No

Cleanup done

This is part of the Master GLSA for LZO vulnerabilities. Adding to existing GLSA.

This issue was resolved and addressed in GLSA 201502-08 at http://security.gentoo.org/glsa/glsa-201502-08.xml by GLSA coordinator Kristian Fiskerstrand (K_F).