1 month has passed, bugfix release of 0.10.2, same api, thanks!
btw: diff -u ffmpeg-0.10.2/Changelog ffmpeg-0.10.3/Changelog --- ffmpeg-0.10.2/Changelog 2012-03-16 21:45:47.000000000 -0300 +++ ffmpeg-0.10.3/Changelog 2012-05-05 19:51:35.000000000 -0400 @@ -3,6 +3,25 @@ version next: + +version 0.10.3: + +- Security fixes in the 4xm demuxer, avi demuxer, cook decoder, + mm demuxer, mpegvideo decoder, vqavideo decoder (CVE-2012-0947) and + xmv demuxer. + +- Several bugs and crashes have been fixed in the following codecs: AAC, + APE, H.263, H.264, Indeo 4, Mimic, MJPEG, Motion Pixels Video, RAW, + TTA, VC1, VQA, WMA Voice, vqavideo. + +- Several bugs and crashes have been fixed in the following formats: + ASF, ID3v2, MOV, xWMA + +- This release additionally updates the following codecs to the + bytestream2 API, and therefore benefit from additional overflow + checks: truemotion2, utvideo, vqavideo + + the first item might interest security team
(In reply to comment #1) > > the first item might interest security team Thanks, Alexis. http://ffmpeg.org/security.html lists these CVEs as fixed in 0.10.3: CVE-2012-0947, CVE-2012-2771, CVE-2012-2773, CVE-2012-2778, CVE-2012-2780, CVE-2012-2781, CVE-2012-2805
amd64 stable
x86 stable, thanks
Stable for HPPA.
arm stable
alpha/ia64/sparc stable
ppc stable
ppc64 stable, last arch done
Thanks, everyone. Adding to existing GLSA draft.
nothing left to do for media-video@
This issue was resolved and addressed in GLSA 201310-12 at http://security.gentoo.org/glsa/glsa-201310-12.xml by GLSA coordinator Sean Amoss (ackle).