| Summary: | <media-video/ffmpeg-2.2.14: Multiple vulnerabilities (CVE-2014-{2097,2098,2263,8541,8542,8543,8544,8545,8546,8547,8548,8549,9316,9317,9318,9319}) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | GLSAMaker/CVETool Bot <glsamaker> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | normal | CC: | media-video, sam |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | B2 [glsa cve] | | |
| Package list: | | Runtime testing required: | --- |
Description
GLSAMaker/CVETool Bot
2015-01-10 16:31:41 UTC
I guess 1.2.11 fixes these CVEs, could we proceed?

(In reply to Agostino Sarubbo from comment #1)
> I guess 1.2.11 fixes these CVEs, could we proceed?

it should, but we're going with 2.2; upstream is dropping maintenance on the 1.2 branch anyway

> it should, but we're going with 2.2; upstream is dropping maintenance on
> the 1.2 branch anyway

So with stabilization of 2.2.14, did you backport the patches, a few CVEs state version 2.2.X to 2.3.X?

(In reply to Yury German from comment #3)
> > it should, but we're going with 2.2; upstream is dropping maintenance on
> > the 1.2 branch anyway
>
> So with stabilization of 2.2.14, did you backport the patches, a few CVEs
> state version 2.2.X to 2.3.X?

I didn't backport anything; upstream does it: http://ffmpeg.org/security.html

unless I missed something, 2.2.11 already fixes them all

please consider the above upstream link as the only authoritative one, I've seen way too many wrong CVEs and such...

Thank you for replying.
Highest Version of Fixes for CVEs - 2.1.6, 2.2.11, 2.3.6, 2.4.4, 2.5

2.2.14 is being stabilized, but higher version without bugs is 2.2.15

Setting dependency on: 548006

This issue was resolved and addressed in GLSA 201603-06 at https://security.gentoo.org/glsa/201603-06 by GLSA coordinator Kristian Fiskerstrand (K_F).