Summary: | <media-video/ffmpeg-2.2.15: LZO Denial of Service and Arbitrary Code Execution through embedded code (CVE-2014-4610) | | |
---|---|---|---|
Product: | Gentoo Security | Reporter: | Yury German <blueknight> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | | |
Severity: | minor | CC: | media-video |
Priority: | Normal | | |
Version: | unspecified | | |
Hardware: | All | | |
OS: | Linux | | |
URL: | http://seclists.org/oss-sec/2014/q2/676 | | |
Whiteboard: | B3 [glsa] | | |
Package list: | | Runtime testing required: | --- |
Bug Depends on: | | | |
Bug Blocks: | 515236, 515246 | | |

Description
Yury German
2014-06-27 01:14:37 UTC
2.2.4 upstream release seems to contain the fix. So a version bump should do.

*** Bug 515236 has been marked as a duplicate of this bug. ***

ffmpeg got its own advisory and CVE assignment in http://seclists.org/oss-sec/2014/q2/668. Making this bug the primary and related bugs as duplicates.

http://ffmpeg.org/security.html marks it as fixed in 2.2.4 for the 2.2 branch, we'll go with 2.2.12+ since 1.2 (current stable) is not maintained anymore.

Since 1.1.X and 1.2.X are no longer maintained and 2.2.14 is being stabilized, but higher version without bugs is 2.2.15. Once stabilized we can clean up 1.1.x and 1.2.x.

Setting dependency on: 548006

This issue was resolved and addressed in GLSA 201603-06 at https://security.gentoo.org/glsa/201603-06 by GLSA coordinator Kristian Fiskerstrand (K_F).