From Secunia security advisory at $URL:
Description:
The vulnerabilities are caused due to various errors related to the "svq3_get_se_golomb()" function and can be exploited by tricking a user into opening specially crafted media files.
The vulnerabilities are reported in versions prior to 0.7.5.
Solution:
Update to version 0.7.5
@maintainer
Please also remove 0.8.x version and bump 0.8.4
(In reply to comment #0)
> Solution:
> Update to version 0.7.5
>
> @maintainer
> Please also remove 0.8.x version and bump 0.8.4
done some hours ago
oh and I prefer removing matching 0.7.x and 0.8.x-1 versions together, meaning e.g. 0.8.3 goes away with 0.7.4
Thanks Alexis.
Arches please test and mark stable:
=media-video/ffmpeg-0.7.5
Target KEYWORDS : "alpha amd64 arm hppa ia64 ppc ppc64 sparc x86"
amd64 fine, QA about dodoc is not a regression
+ 22 Sep 2011; Tony Vroon <chainsaw@gentoo.org> ffmpeg-0.7.5.ebuild: + Marked stable on based on arch testing by Agostino "ago" Sarubbo in security + bug #384095.
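Review bot: in the added ChangeLog entry, "Marked stable on based on arch testing" has no architecture name after "on". The entry should name the architecture being marked stable so it can be checked against the Target KEYWORDS list for ffmpeg-0.7.5 in security bug #384095.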
x86 stable
Stable for HPPA.
ppc/ppc64 stable
alpha/arm/ia64/sparc stable
Thanks, everyone. Added to existing GLSA request.
nothing left to do for media-video@
This issue was resolved and addressed in GLSA 201310-12 at http://security.gentoo.org/glsa/glsa-201310-12.xml by GLSA coordinator Sean Amoss (ackle).