From $URL : version 0.8.5: - Several bugs and crashes have been fixed in the following codecs: Indeo 4 (CVE-2012-2791), VP5/VP6 (CVE-2012-2783), Indeo 3 (CVE-2012-2804), MPEG-1/2 (CVE-2012-2803), MP3 (CVE-2012-2797), AAC (CVE-2012-5144), AC-3 (CVE-2012-2802), AVS (CVE-2012-2801), DFA (CVE-2012-2798)
Archs have fun :-)
I guess you meant this: Arch teams, please test and mark stable: =media-video/libav-0.8.5 Stable KEYWORDS : alpha amd64 arm hppa ia64 ppc ppc64 sparc x86
amd64 stable
CVE-2012-5144 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5144): Google Chrome before 23.0.1271.97 does not properly perform AAC decoding, which allows remote attackers to cause a denial of service (stack memory corruption) or possibly have unspecified other impact via unknown vectors. CVE-2012-2804 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2804): Unspecified vulnerability in libavcodec/indeo3.c in FFmpeg before 0.11 has unknown impact and attack vectors, related to "reallocation code" and the luma height and width. CVE-2012-2803 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2803): Double free vulnerability in the mpeg_decode_frame function in libavcodec/mpeg12.c in FFmpeg before 0.11 has unknown impact and attack vectors, related to resetting the data size value. CVE-2012-2802 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2802): Unspecified vulnerability in the ac3_decode_frame function in libavcodec/ac3dec.c in FFmpeg before 0.11 has unknown impact and attack vectors, related to the "number of output channels" and "out of array writes." CVE-2012-2801 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2801): Unspecified vulnerability in libavcodec/avs.c in FFmpeg before 0.11 has unknown impact and attack vectors, related to dimensions and "out of array writes." CVE-2012-2798 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2798): Unspecified vulnerability in the decode_dds1 function in libavcodec/dfa.c in FFmpeg before 0.11 has unknown impact and attack vectors, related to an "out of array write." CVE-2012-2797 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2797): Unspecified vulnerability in the decode_frame_mp3on4 function in libavcodec/mpegaudiodec.c in FFmpeg before 0.11 has unknown impact and attack vectors related to a calculation that prevents a frame from being "large enough." CVE-2012-2791 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2791): Multiple unspecified vulnerabilities in the (1) decode_band_hdr function in indeo4.c and (2) ff_ivi_decode_blocks function in ivi_common.c in libavcodec/ in FFmpeg before 0.11 have unknown impact and attack vectors, related to the "transform size." CVE-2012-2783 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2783): Unspecified vulnerability in libavcodec/vp56.c in FFmpeg before 0.11 has unknown impact and attack vectors, related to "freeing the returned frame."
ppc stable
Stable for HPPA.
ppc64 stable
alpha stable
arm stable
x86 stable
sparc stable
ia64 stable
Added to existing GLSA draft.
oldest in tree libav-0.8.7, PLEASE CLOSE.
This issue was resolved and addressed in GLSA 201406-28 at http://security.gentoo.org/glsa/glsa-201406-28.xml by GLSA coordinator Chris Reffett (creffett).