Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 115849 - media-libs/xine-lib contains vulnerable ffmpeg (CVE-2005-4048)
Summary: media-libs/xine-lib contains vulnerable ffmpeg (CVE-2005-4048)
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High major (vote)
Assignee: Gentoo Security
Whiteboard: A2 [glsa]
Depends on: 115760
  Show dependency tree
Reported: 2005-12-17 05:36 UTC by Thierry Carrez (RETIRED)
Modified: 2006-11-11 19:28 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Thierry Carrez (RETIRED) gentoo-dev 2005-12-17 05:36:00 UTC
See bug 115760 for details.

ffmeg and xine-lib updated versions are available, using this bug to track stable marking progress.
Comment 1 Thierry Carrez (RETIRED) gentoo-dev 2005-12-17 05:50:07 UTC
Removing ffmpeg as more work is needed before it can be called for stable.
Arches please test and mark stable, with following target KEYWORDS :

* xine-lib-1.1.1-r2: alpha amd64 arm hppa ia64 ppc ppc64 sparc x86

You are advised to add the -r3 to ~ for testing if you can.
Comment 2 Thierry Carrez (RETIRED) gentoo-dev 2005-12-17 05:53:23 UTC
Much better title.
Comment 3 Jeffrey Forman (RETIRED) gentoo-dev 2005-12-17 06:16:41 UTC
Quick change of platform in bugzilla. Sorry about the email.
Comment 4 Markus Rothe (RETIRED) gentoo-dev 2005-12-17 12:19:45 UTC
stable on ppc64
Comment 5 Michael Hanselmann (hansmi) (RETIRED) gentoo-dev 2005-12-17 14:42:34 UTC
Stable on ppc.
Comment 6 Gustavo Zacarias (RETIRED) gentoo-dev 2005-12-19 09:13:22 UTC
1.1.1-r3 seems to work fine on sparc with patchlevel 21 and xvid-1.0.3 + ffmpeg-0.4.9_p20051216.
1.1.1-r2 doesn't do it with patchlevel 17a (much less with 17).
Comment 7 Gustavo Zacarias (RETIRED) gentoo-dev 2005-12-19 11:14:26 UTC
1.1.1-r2 sparc stable after Diego's fixes.

Comment 8 Luis Medinas (RETIRED) gentoo-dev 2005-12-19 11:50:13 UTC
amd64 done
Comment 9 René Nussbaumer (RETIRED) gentoo-dev 2005-12-19 14:07:48 UTC
Stable on hppa
Comment 10 Mark Loeser (RETIRED) gentoo-dev 2005-12-19 17:31:01 UTC
x86 done
Comment 11 Bryan Østergaard (RETIRED) gentoo-dev 2005-12-23 18:03:25 UTC
Stable on alpha + ia64.
Comment 12 Stefan Cornelius (RETIRED) gentoo-dev 2005-12-23 23:42:02 UTC
good, this is ready for glsa
Comment 13 Thierry Carrez (RETIRED) gentoo-dev 2005-12-28 07:53:06 UTC
I'd rather wait for ffmpeg and mplayer to be fixed and stable too to issue this one.
Comment 14 Stefan Cornelius (RETIRED) gentoo-dev 2006-01-10 21:38:10 UTC
GLSA 200601-06
Thanks everybody.