Summary: | media-video/libav Multiple Vulnerabilities | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Michael Boyle <boylemic> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | gentoo, gentoo_bugs, media-video |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | B3 [upstream/ebuild cve] | ||
Package list: | Runtime testing required: | --- |
Description
Michael Boyle
2018-03-23 02:55:49 UTC
CVE-2017-18244 (https://nvd.nist.gov/vuln/detail/CVE-2017-18244): The stereo_processing function in libavcodec/aacps.c in Libav 12.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted aac file, related to ff_ps_apply. CVE-2017-18243 (https://nvd.nist.gov/vuln/detail/CVE-2017-18243): The unpack_parse_unit function in libavcodec/dirac_parser.c in Libav 12.2 allows remote attackers to cause a denial of service (segmentation fault) via a crafted file. CVE-2017-18242 (https://nvd.nist.gov/vuln/detail/CVE-2017-18242): The apply_dependent_coupling function in libavcodec/aacdec.c in Libav 12.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted aac file. https://pybin.pw/rw5jqt3c 12.3 is available to download where is problem with libav-12.3 package? simple copy of libav-12.2.ebuild to libav-12.3.ebuild will create working package without these security bugs Please confirm this is fixed - 12.3 in tree. libav-12.3 from tree working fine The bug has been closed via the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ae1063b59ef317fdc6dd640b60437f6fb143a2ac commit ae1063b59ef317fdc6dd640b60437f6fb143a2ac Author: Mikle Kolyada <zlogene@gentoo.org> AuthorDate: 2020-04-26 15:14:48 +0000 Commit: Mikle Kolyada <zlogene@gentoo.org> CommitDate: 2020-04-26 15:22:46 +0000 media-video/libav: remove last-rited pkg Closes: https://bugs.gentoo.org/show_bug.cgi?id=452482 Closes: https://bugs.gentoo.org/show_bug.cgi?id=458768 Closes: https://bugs.gentoo.org/show_bug.cgi?id=470764 Closes: https://bugs.gentoo.org/show_bug.cgi?id=499256 Closes: https://bugs.gentoo.org/show_bug.cgi?id=509974 Closes: https://bugs.gentoo.org/show_bug.cgi?id=519602 Closes: https://bugs.gentoo.org/show_bug.cgi?id=525070 Closes: https://bugs.gentoo.org/show_bug.cgi?id=555114 Closes: https://bugs.gentoo.org/show_bug.cgi?id=564040 Closes: https://bugs.gentoo.org/show_bug.cgi?id=587054 Closes: https://bugs.gentoo.org/show_bug.cgi?id=588986 Closes: https://bugs.gentoo.org/show_bug.cgi?id=701952 Closes: https://bugs.gentoo.org/show_bug.cgi?id=538790 Closes: https://bugs.gentoo.org/show_bug.cgi?id=711206 Closes: https://bugs.gentoo.org/show_bug.cgi?id=489922 Closes: https://bugs.gentoo.org/show_bug.cgi?id=409957 Closes: https://bugs.gentoo.org/show_bug.cgi?id=445854 Closes: https://bugs.gentoo.org/show_bug.cgi?id=474408 Closes: https://bugs.gentoo.org/show_bug.cgi?id=509294 Closes: https://bugs.gentoo.org/show_bug.cgi?id=522350 Closes: https://bugs.gentoo.org/show_bug.cgi?id=546080 Closes: https://bugs.gentoo.org/show_bug.cgi?id=588482 Closes: https://bugs.gentoo.org/show_bug.cgi?id=603726 Closes: https://bugs.gentoo.org/show_bug.cgi?id=694082 Closes: https://bugs.gentoo.org/show_bug.cgi?id=634102 Closes: https://bugs.gentoo.org/show_bug.cgi?id=542186 Closes: https://bugs.gentoo.org/show_bug.cgi?id=635524 Closes: https://bugs.gentoo.org/show_bug.cgi?id=651218 Closes: https://bugs.gentoo.org/show_bug.cgi?id=651220 Signed-off-by: Mikle Kolyada <zlogene@gentoo.org> media-video/libav/Manifest | 3 - media-video/libav/files/libav-12.3-x264.patch | 85 ------- media-video/libav/libav-12.3.ebuild | 350 -------------------------- media-video/libav/libav-13_pre20171219.ebuild | 336 ------------------------- media-video/libav/libav-9999.ebuild | 339 ------------------------- media-video/libav/metadata.xml | 35 --- 6 files changed, 1148 deletions(-) |