Bug 420305 (CVE-2012-0947) - <media-video/ffmpeg-0.10.3: Multiple vulnerabilities (CVE-2012-{0947,2771,2773,2778,2780,2781,2805})
Alias: CVE-2012-0947
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
Whiteboard: B2 [glsa]
Reported: 2012-06-08 18:59 UTC by Alexis Ballier
Modified: 2013-10-25 19:11 UTC
Description Alexis Ballier gentoo-dev 2012-06-08 18:59:26 UTC
1 month has passed, bugfix release of 0.10.2, same api, thanks!
Comment 1 Alexis Ballier gentoo-dev 2012-06-09 16:37:04 UTC

diff -u ffmpeg-0.10.2/Changelog ffmpeg-0.10.3/Changelog 
--- ffmpeg-0.10.2/Changelog	2012-03-16 21:45:47.000000000 -0300
+++ ffmpeg-0.10.3/Changelog	2012-05-05 19:51:35.000000000 -0400
@@ -3,6 +3,25 @@
 version next:
+version 0.10.3:
+- Security fixes in the 4xm demuxer, avi demuxer, cook decoder,
+  mm demuxer, mpegvideo decoder, vqavideo decoder (CVE-2012-0947) and
+  xmv demuxer.
+- Several bugs and crashes have been fixed in the following codecs: AAC,
+  APE, H.263, H.264, Indeo 4, Mimic, MJPEG, Motion Pixels Video, RAW,
+  TTA, VC1, VQA, WMA Voice, vqavideo.
+- Several bugs and crashes have been fixed in the following formats:
+  ASF, ID3v2, MOV, xWMA
+- This release additionally updates the following codecs to the
+  bytestream2 API, and therefore benefit from additional overflow
+  checks: truemotion2, utvideo, vqavideo
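
Review bot: The "Security fixes" entry at the top of the 0.10.3 block names seven components (4xm, avi, cook, mm, mpegvideo, vqavideo, xmv) but attaches an identifier to only one of them, "vqavideo decoder (CVE-2012-0947)", so a packager cannot tell from this text which of the other six fixes correspond to which advisory. Suggest listing one component per line with its CVE or commit reference. The closing bytestream2 entry is also security-relevant hardening ("additional overflow checks") and would be easier to triage if grouped with, or cross-referenced from, the security item, since vqavideo appears in both.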

the first item might interest security team
Comment 2 Tim Sammut (RETIRED) gentoo-dev 2012-06-10 23:23:54 UTC
(In reply to comment #1)
> the first item might interest security team

Thanks, Alexis. lists these CVEs as fixed in 0.10.3:

CVE-2012-0947, CVE-2012-2771, CVE-2012-2773, CVE-2012-2778, CVE-2012-2780,
CVE-2012-2781, CVE-2012-2805
Comment 3 Agostino Sarubbo gentoo-dev 2012-06-11 13:11:01 UTC
amd64 stable
Comment 4 Andreas Schürch gentoo-dev 2012-06-13 16:17:03 UTC
x86 stable, thanks
Comment 5 Jeroen Roovers (RETIRED) gentoo-dev 2012-06-13 16:47:53 UTC
Stable for HPPA.
Comment 6 Markus Meier gentoo-dev 2012-06-17 20:00:17 UTC
arm stable
Comment 7 Raúl Porcel (RETIRED) gentoo-dev 2012-06-23 17:10:33 UTC
alpha/ia64/sparc stable
Comment 8 Michael Weber (RETIRED) gentoo-dev 2012-07-09 05:18:47 UTC
ppc stable
Comment 9 Kacper Kowalik (Xarthisius) (RETIRED) gentoo-dev 2012-09-20 12:03:53 UTC
ppc64 stable, last arch done
Comment 10 Sean Amoss (RETIRED) gentoo-dev Security 2012-09-20 13:17:46 UTC
Thanks, everyone.

Adding to existing GLSA draft.
Comment 11 Alexis Ballier gentoo-dev 2013-08-14 21:16:29 UTC
nothing left to do for media-video@
Comment 12 GLSAMaker/CVETool Bot gentoo-dev 2013-10-25 19:11:52 UTC
This issue was resolved and addressed in
 GLSA 201310-12 at
by GLSA coordinator Sean Amoss (ackle).