Summary: | <media-video/ffmpeg-3.2: buffer overflow when decoding swf | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | major | CC: | media-video |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://www.openwall.com/lists/oss-security/2016/08/12/6 | ||
Whiteboard: | ~2 [noglsa] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | |||
Bug Blocks: | 574788 |
Description
Agostino Sarubbo
2016-08-14 10:34:52 UTC
3.x is not ready for stable; i dont see the commit backported in 2.8 branch yet, let's wait a few days and advise then 10:03 < aballier> michaelni: any reason 6aa39080ccea2b60433e920417844c3a3c0da50b is not in 2.8.8 ? is < 3.0 not affected ? 11:35 < michaelni> aballier, 2.8 is not affected, 3.0 was the first release affected so it only affects pmasked versions @ maintainer(s): Please cleanup all 3.x versions from tree not containing 6aa39080ccea2b60433e920417844c3a3c0da50b. (In reply to Thomas Deutschmann from comment #3) > @ maintainer(s): Please cleanup all 3.x versions from tree not containing > 6aa39080ccea2b60433e920417844c3a3c0da50b. No cleanup necessary yet. Added a blocker on ffmpeg 3.x stabilization. (In reply to Aaron Bauman from comment #4) > (In reply to Thomas Deutschmann from comment #3) > > @ maintainer(s): Please cleanup all 3.x versions from tree not containing > > 6aa39080ccea2b60433e920417844c3a3c0da50b. > > No cleanup necessary yet. Added a blocker on ffmpeg 3.x stabilization. All the affected versions have been cleaned up. As noted above, 2.8, i.e. current stable and ~arch is not affected. Only pmasked versions were ever affected for us. |