commit c2a2ad133eb9d42361804a568dee336992349a5e Author: Michael Niedermayer <michaelni@gmx.at> Date: Wed Sep 7 14:12:42 2011 +0200 rtp: Fix integer underflow that could allow remote code execution. Fixes MSVR-11-0088 Credit: Jeong Wook Oh of Microsoft and Microsoft Vulnerability Research (MSVR) Signed-off-by: Michael Niedermayer <michaelni@gmx.at> commit cb8577a4dac816f264da294ee354311899b10032 Author: Michael Niedermayer <michaelni@gmx.at> Date: Thu Jul 28 14:59:54 2011 +0200 Fix several security issues in matroskadec.c (MSVR-11-0080). Whitespace of the patch cleaned up by Aurel Some of the issues have been reported by Steve Manzuik / Microsoft Vulnerability Research (MSVR) Signed-off-by: Michael Niedermayer <michaelni@gmx.at> commit 7e33a66c0e178c3576c1ba1648be4295809adca8 Author: Michael Niedermayer <michaelni@gmx.at> Date: Thu Jul 28 14:59:54 2011 +0200 Fix several security issues in matroskadec.c (MSVR-11-0080). Whitespace of the patch cleaned up by Aurel Some of the issues have been reported by Steve Manzuik / Microsoft Vulnerability Research (MSVR) Signed-off-by: Michael Niedermayer <michaelni@gmx.at> good for a quick stabilisation imho
Great, thank you. Arches, please test and mark stable: =media-video/ffmpeg-0.7.4 Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 sparc x86"
Archtested on x86: Everything seems fine
amd64 ok
amd64: pass
Stable for HPPA.
x86 stable, thanks JD
arm stable
amd64 done. Thank you all
alpha/ia64/sparc stable
There is a newer version to stabilize via bug 384095.
Rerating B2, and added to existing GLSA request now that stabilization in 384095 has completed. Thanks, folks.
CVE-2011-3974 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3974): Integer signedness error in the decode_residual_inter function in cavsdec.c in libavcodec in FFmpeg before 0.7.4 and 0.8.x before 0.8.3 allows remote attackers to cause a denial of service (incorrect write operation and application crash) via an invalid bitstream in a Chinese AVS video (aka CAVS) file, a different vulnerability than CVE-2011-3362.
CVE-2011-3973 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3973): cavsdec.c in libavcodec in FFmpeg before 0.7.4 and 0.8.x before 0.8.3 allows remote attackers to cause a denial of service (incorrect write operation and application crash) via an invalid bitstream in a Chinese AVS video (aka CAVS) file, related to the decode_residual_block, check_for_slice, and cavs_decode_frame functions, a different vulnerability than CVE-2011-3362.
CVE-2011-1931 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1931): sp5xdec.c in the Sunplus SP5X JPEG decoder in libavcodec in FFmpeg before 0.6.3 and libav through 0.6.2, as used in VideoLAN VLC media player 1.1.9 and earlier and other products, performs a write operation outside the bounds of an unspecified array, which allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a malformed AMV file.
CVE-2010-4704 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4704): libavcodec/vorbis_dec.c in the Vorbis decoder in FFmpeg 0.6.1 and earlier allows remote attackers to cause a denial of service (application crash) via a crafted .ogg file, related to the vorbis_floor0_decode function. NOTE: this might overlap CVE-2011-0480.
CVE-2010-3908 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3908): FFmpeg before 0.5.4, as used in MPlayer and other products, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a malformed WMV file.
nothing left to do for media-video@
This issue was resolved and addressed in GLSA 201310-12 at http://security.gentoo.org/glsa/glsa-201310-12.xml by GLSA coordinator Sean Amoss (ackle).
