integer overflow in libtheora before 1.1. This also affects mozilla-firefox (already handled in #297532) and seamonkey 2.0 (not in portage). So probably left to do is stabilizing libtheora 1.1.1.
(In reply to comment #0) > So probably left to do is stabilizing libtheora 1.1.1. This is quite old now, is there any reason it hasn't been done yet? FWIW, I've been using libtheora 1.1.1 for a couple of months now with no problems at all.
Sorry about the delay. media-video, can you please ACK this request?
(In reply to comment #2) > Sorry about the delay. > > media-video, can you please ACK this request? > There *were* once upon a time some dep issues with ffmpeg/libavcodec, but those have since been resolved. I believe everything else should be okay now.
Good, thanks for the fast response. If there are still any issues, I hope the arch teams will find them: Arches, please test and mark stable: =media-libs/libtheora-1.1.1 Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 sh sparc x86"
Stable for HPPA.
Stable for PPC.
x86 stable, no issues found
ppc64 done
Stable on amd64
alpha/arm/ia64/sh/sparc stable
GLSA request filed.
This issue was resolved and addressed in GLSA 201312-04 at http://security.gentoo.org/glsa/glsa-201312-04.xml by GLSA coordinator Chris Reffett (creffett).