From upstream link at $URL
Today, we update our latest release series 0.8 with the release Libav 0.8.1. As usual, this release includes a number of functional corrections and security fixes, such as:
CVE-2012-0848
CVE-2012-0853
CVE-2012-0858
CVE-2011-3929
CVE-2011-3936
CVE-2011-3937
CVE-2011-3940
CVE-2011-3945
CVE-2011-3947
CVE-2011-3951
CVE-2011-3952
The following bugs in our Bugzilla have been fixed:
http://bugzilla.libav.org/show_bug.cgi?id=212
http://bugzilla.libav.org/show_bug.cgi?id=216
http://bugzilla.libav.org/show_bug.cgi?id=220
http://bugzilla.libav.org/show_bug.cgi?id=221
http://bugzilla.libav.org/show_bug.cgi?id=227
http://bugzilla.libav.org/show_bug.cgi?id=237
Already talked with lu_zero, and we will check all rdepend before adding arches
*** Bug 412817 has been marked as a duplicate of this bug. ***
All the issues on the tracker that could be fixed were fixed. Please proceed.
Agostino, should we be stabilizing libav? I don't see it as having any stable versions on any arches at the moment... It feels like this should be resolved as "~2 [noglsa]", right? Thanks.
(In reply to comment #4)
> Agostino, should we be stabilizing libav? I don't see it as having any stable
> versions on any arches at the moment... It feels like this should be
> resolved as "~2 [noglsa]", right? Thanks.
It had stables, I just dropped the affected stable version.
(In reply to comment #5)
> It had stables, I just dropped the affected stable version.
Ok, thank you. Arches, please test and mark stable:
=media-video/libav-0.8.1
x86 stable
Adding back x86, as 0.8.1 has another CVE. Added 0.8.2 that should have it fixed.
x86 stable, thanks! For the record, x86 doesn't suffer from bug 409957.
amd64 done
Stable for HPPA.
ppc64 done
arm stable
Stable on alpha.
ia64/sparc stable
ppc done
Thanks, folks. Already in GLSA request.
CVE-2012-0947 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0947): Heap-based buffer overflow in the vqa_decode_chunk function in the VQA codec (vqavideo.c) in libavcodec in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.6, and 0.8.x before 0.8.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted VQA media file in which the image size is not a multiple of the block size.
CVE-2012-0858 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0858): The Shorten codec (shorten.c) in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11, and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted Shorten file, related to an "invalid free".
CVE-2012-0853 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0853): The decodeTonalComponents function in the Atrac3 codec (atrac3.c) in libavcodec in FFmpeg 0.7.x before 0.7.12, and 0.8.x before 0.8.11; and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1 allows remote attackers to cause a denial of service (infinite loop and crash) and possibly execute arbitrary code via a large component count in an Atrac 3 file.
CVE-2012-0848 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0848): Heap-based buffer overflow in the ws_snd_decode_frame function in libavcodec/ws-snd1.c in FFmpeg 0.9.1 allows remote attackers to cause a denial of service (application crash) via a crafted media file, related to an incorrect calculation, aka "wrong samples count."
CVE-2011-3952 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3952): The decode_init function in kmvc.c in libavcodec in FFmpeg before 0.10 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.6, and 0.8.x before 0.8.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large palette size in a KMVC encoded file.
CVE-2011-3951 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3951): The dpcm_decode_frame function in dpcm.c in libavcodec in FFmpeg before 0.10 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.6, and 0.8.x before 0.8.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted stereo stream in a media file.
CVE-2011-3947 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3947): Buffer overflow in mjpegbdec.c in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11, and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted MJPEG-B file.
CVE-2011-3940 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3940): nsvdec.c in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11, and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1, allows remote attackers to cause a denial of service (out-of-bounds read and write) via a crafted NSV file that triggers "use of uninitialized streams."
CVE-2011-3936 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3936): The dv_extract_audio function in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted DV file.
CVE-2011-3929 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3929): The avpriv_dv_produce_packet function in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) and possibly execute arbitrary code via a crafted DV file.
CVE-2011-3945 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3945): The decode_frame function in the KGV1 decoder (kgv1dec.c) in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11, and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted media file.
This issue was resolved and addressed in GLSA 201210-06 at http://security.gentoo.org/glsa/glsa-201210-06.xml by GLSA coordinator Sean Amoss (ackle).