Summary: | <media-video/libav-11.8: multiple vulnerabilities (CVE-2016-{2326,3062}) | | |
---|---|---|---|
Product: | Gentoo Security | Reporter: | Thomas Deutschmann (RETIRED) <whissi> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | | |
Severity: | normal | CC: | media-video |
Priority: | Normal | Flags: | kensington: sanity-check+ |
Version: | unspecified | | |
Hardware: | All | | |
OS: | Linux | | |
Whiteboard: | A3 [glsa cve] | | |
Package list: | =media-video/libav-11.8 | | |
Runtime testing required: | --- | | |
Bug Depends on: | | | |
Bug Blocks: | 571870 | | |

Description
Thomas Deutschmann (RETIRED)
2016-11-25 01:28:06 UTC
This was fixed by upstream in v11.7: https://git.libav.org/?p=libav.git;a=blob;f=Changelog;hb=refs/tags/v11.7#l6

@ Arches, please test and mark stable: =media-video/libav-11.8

CVE-2016-2326 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2326): Integer overflow in the asf_write_packet function in libavformat/asfenc.c in FFmpeg before 2.8.5 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PTS (aka presentation timestamp) value in a .mov file.

11.8 fixes something else not clearly reported to security lists.

Stable on alpha.

amd64 stable

x86 stable

arm stable

sparc stable

ia64 stable

ppc stable

ppc64 stable

Stable for HPPA.

Arches, Thank you for your work. Added to an existing GLSA Request. Maintainer(s), please drop the vulnerable version(s).

This issue was resolved and addressed in GLSA 201705-08 at https://security.gentoo.org/glsa/201705-08 by GLSA coordinator Kristian Fiskerstrand (K_F).

ReOpening for cleanup. Maintainer(s), please drop the vulnerable version(s).

@maintainer(s), can you please let us know if vulnerable versions can be cleaned or masked, please?