CVE-2018-5766 (https://nvd.nist.gov/vuln/detail/CVE-2018-5766):
In Libav through 12.2, there is an invalid memcpy in the av_packet_ref function of libavcodec/avpacket.c. Remote attackers could leverage this vulnerability to cause a denial of service (segmentation fault) via a crafted avi file.
CVE-2018-5684 (https://nvd.nist.gov/vuln/detail/CVE-2018-5684):
In Libav through 12.2, there is an invalid memcpy call in the ff_mov_read_stsd_entries function of libavformat/mov.c. Remote attackers could leverage this vulnerability to cause a denial of service (segmentation fault) and program failure with a crafted avi file.
@Maintainers, 12.2 is in tree, are we affected in previous versions?
Thank you
Mike Boyle
Gentoo Security Padawan
CVE-2017-18244 (https://nvd.nist.gov/vuln/detail/CVE-2017-18244):
The stereo_processing function in libavcodec/aacps.c in Libav 12.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted aac file, related to ff_ps_apply.
CVE-2017-18243 (https://nvd.nist.gov/vuln/detail/CVE-2017-18243):
The unpack_parse_unit function in libavcodec/dirac_parser.c in Libav 12.2 allows remote attackers to cause a denial of service (segmentation fault) via a crafted file.
CVE-2017-18242 (https://nvd.nist.gov/vuln/detail/CVE-2017-18242):
The apply_dependent_coupling function in libavcodec/aacdec.c in Libav 12.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted aac file.
https://pybin.pw/rw5jqt3c 12.3 is available to download
Where is the problem with the libav-12.3 package? A simple copy of libav-12.2.ebuild to libav-12.3.ebuild will create a working package without these security bugs.
Please confirm this is fixed - 12.3 in tree.
libav-12.3 from tree is working fine.
The bug has been closed via the following commit(s):
https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ae1063b59ef317fdc6dd640b60437f6fb143a2ac
commit ae1063b59ef317fdc6dd640b60437f6fb143a2ac
Author: Mikle Kolyada <zlogene@gentoo.org>
AuthorDate: 2020-04-26 15:14:48 +0000
Commit: Mikle Kolyada <zlogene@gentoo.org>
CommitDate: 2020-04-26 15:22:46 +0000
    media-video/libav: remove last-rited pkg
    Closes: https://bugs.gentoo.org/show_bug.cgi?id=452482
    Closes: https://bugs.gentoo.org/show_bug.cgi?id=458768
    Closes: https://bugs.gentoo.org/show_bug.cgi?id=470764
    Closes: https://bugs.gentoo.org/show_bug.cgi?id=499256
    Closes: https://bugs.gentoo.org/show_bug.cgi?id=509974
    Closes: https://bugs.gentoo.org/show_bug.cgi?id=519602
    Closes: https://bugs.gentoo.org/show_bug.cgi?id=525070
    Closes: https://bugs.gentoo.org/show_bug.cgi?id=555114
    Closes: https://bugs.gentoo.org/show_bug.cgi?id=564040
    Closes: https://bugs.gentoo.org/show_bug.cgi?id=587054
    Closes: https://bugs.gentoo.org/show_bug.cgi?id=588986
    Closes: https://bugs.gentoo.org/show_bug.cgi?id=701952
    Closes: https://bugs.gentoo.org/show_bug.cgi?id=538790
    Closes: https://bugs.gentoo.org/show_bug.cgi?id=711206
    Closes: https://bugs.gentoo.org/show_bug.cgi?id=489922
    Closes: https://bugs.gentoo.org/show_bug.cgi?id=409957
    Closes: https://bugs.gentoo.org/show_bug.cgi?id=445854
    Closes: https://bugs.gentoo.org/show_bug.cgi?id=474408
    Closes: https://bugs.gentoo.org/show_bug.cgi?id=509294
    Closes: https://bugs.gentoo.org/show_bug.cgi?id=522350
    Closes: https://bugs.gentoo.org/show_bug.cgi?id=546080
    Closes: https://bugs.gentoo.org/show_bug.cgi?id=588482
    Closes: https://bugs.gentoo.org/show_bug.cgi?id=603726
    Closes: https://bugs.gentoo.org/show_bug.cgi?id=694082
    Closes: https://bugs.gentoo.org/show_bug.cgi?id=634102
    Closes: https://bugs.gentoo.org/show_bug.cgi?id=542186
    Closes: https://bugs.gentoo.org/show_bug.cgi?id=635524
    Closes: https://bugs.gentoo.org/show_bug.cgi?id=651218
    Closes: https://bugs.gentoo.org/show_bug.cgi?id=651220
    Signed-off-by: Mikle Kolyada <zlogene@gentoo.org>
 media-video/libav/Manifest | 3 -
 media-video/libav/files/libav-12.3-x264.patch | 85 -------
 media-video/libav/libav-12.3.ebuild | 350 --------------------------
 media-video/libav/libav-13_pre20171219.ebuild | 336 -------------------------
 media-video/libav/libav-9999.ebuild | 339 -------------------------
 media-video/libav/metadata.xml | 35 ---
 6 files changed, 1148 deletions(-)