Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 119512 - media-plugins/gst-plugins-ffmpeg is affected by CVE-2005-4048
Summary: media-plugins/gst-plugins-ffmpeg is affected by CVE-2005-4048
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High major (vote)
Assignee: Gentoo Security
Whiteboard: A2 [glsa]
Depends on:
Blocks: 119737
  Show dependency tree
Reported: 2006-01-19 01:05 UTC by Thierry Carrez (RETIRED)
Modified: 2006-02-05 11:31 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---

config.log (config.log,49.55 KB, text/plain)
2006-01-19 13:14 UTC, Simon Stelling (RETIRED)
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description Thierry Carrez (RETIRED) gentoo-dev 2006-01-19 01:05:09 UTC
From joem: the patched ebuilds are 0.8.7-r1 and 0.10.0-r1
Can we call for stable on 0.8.7-r1 or is it not ready for prime-time ?
Comment 1 Thierry Carrez (RETIRED) gentoo-dev 2006-01-19 01:06:27 UTC
setting status whiteboard
Comment 2 Joe McCann (RETIRED) gentoo-dev 2006-01-19 09:25:22 UTC
the 0.10 branch is still in package.maask so that shouldn't be an issue. 0.8.7-r1 can be marked stable.
Comment 3 Stefan Cornelius (RETIRED) gentoo-dev 2006-01-19 12:37:22 UTC
ok, lets go for it: arches please test and mark stable
Comment 4 Simon Stelling (RETIRED) gentoo-dev 2006-01-19 13:14:27 UTC
Created attachment 77575 [details]

checking for pkg-config... /usr/bin/pkg-config
checking for gstreamer-0.8 >= 0.8.4                    gstreamer-libs-0.8... configure: error: no GStreamer found

!!! Please attach the config.log to your bug report:
!!! /var/tmp/portage/gst-plugins-ffmpeg-0.8.7-r1/work/gst-ffmpeg-0.8.7/config.log

!!! ERROR: media-plugins/gst-plugins-ffmpeg-0.8.7-r1 failed.
!!! Function econf, Line 495, Exitcode 0
!!! econf failed

note that gstreamer-0.8.10 is installed and /usr/lib64/pkgconfig/gstreamer-0.8.pc is in place and looks sane
Comment 5 Gustavo Zacarias (RETIRED) gentoo-dev 2006-01-20 12:24:59 UTC
Didn't hit the build issue, but then i'm on gstreamer & co version 0.8.11.
As a precaution and looking into doing bug #119634 i'm bumping all of gst-0.8.11 to stable too. Remember to bump all of the gst-plugins you have stable too or you'll get up/downgrade cycles.
Also had to adjust totem DEPs since they locked down to ( =gst-plugins-ffmpeg-0.8.6 || =gst-plugins-ffmpeg-0.8.7 ) (changed to ~)
sparc done.
Comment 6 Joshua Jackson (RETIRED) gentoo-dev 2006-01-20 15:13:08 UTC
Stable on x86
Comment 7 Markus Rothe (RETIRED) gentoo-dev 2006-01-20 23:41:59 UTC
stable on ppc64
Comment 8 René Nussbaumer (RETIRED) gentoo-dev 2006-01-21 04:02:39 UTC
Stable on hppa
Comment 9 Simon Stelling (RETIRED) gentoo-dev 2006-01-21 05:32:30 UTC
nevermind, it turned out i must have done something not-so-intelligent in my pkgconfig dir, remerging gst-plugins did fix it

amd64 stable
Comment 10 Tobias Scherbaum (RETIRED) gentoo-dev 2006-01-21 07:16:54 UTC
Stabled on ppc by hansmi.
Comment 11 Bryan Østergaard (RETIRED) gentoo-dev 2006-01-29 13:48:15 UTC
Stable on alpha + ia64.
Comment 12 Wolf Giesen (RETIRED) gentoo-dev 2006-01-31 01:07:52 UTC
To properly understand this:

As I understand it, the bug is in libavcodec, so it should be in media-video/ffmpeg, too, right?

Is gst-plugins-ffmpeg a wrapper to go with ffmpeg or does it contain its own version of the library?
Comment 13 Saleem Abdulrasool (RETIRED) gentoo-dev 2006-02-03 13:53:41 UTC
gst-plugins-0.8.7-r1 is stable on all arches.  Marking as fixed.
Comment 14 Stefan Cornelius (RETIRED) gentoo-dev 2006-02-03 14:03:08 UTC
Sorry, reopening the bug as security needs to send the GLSA first (draft is finished and approved, will be done soon).
Comment 15 Stefan Cornelius (RETIRED) gentoo-dev 2006-02-05 11:31:53 UTC
GLSA 200602-01

Thanks everybody.