CVE-2022-1475: https://bugzilla.redhat.com/show_bug.cgi?id=2076764

An integer overflow vulnerability was found in FFmpeg 5.0.1 and in previous versions in g729_parse() in libavcodec/g729_parser.c when processing a specially crafted file.

Patch: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=757da974b21833529cc41bdcc9684c29660cdfa8

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=bb33595d7124b0e0ce9f569c2383dea5215203fc

commit bb33595d7124b0e0ce9f569c2383dea5215203fc
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2022-05-03 01:11:11 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2022-05-03 01:11:11 +0000

    media-video/ffmpeg: add 4.4.2

    Bug: https://bugs.gentoo.org/842267
    Signed-off-by: Sam James <sam@gentoo.org>

 media-video/ffmpeg/Manifest            |   2 +
 media-video/ffmpeg/ffmpeg-4.4.2.ebuild | 581 +++++++++++++++++++++++++++++++++
 2 files changed, 583 insertions(+)

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=31baf58256ca04e305510ce86df9f6d83948f853

commit 31baf58256ca04e305510ce86df9f6d83948f853
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2022-09-03 05:24:50 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2022-09-03 05:25:22 +0000

    media-video/ffmpeg: add 4.2.7

    Fixes a bunch of CVEs that we've had fixed in newer versions
    for a while, but until we can clean up 4.2.x, we may as well
    bump to the latest in that series...

    Bug: https://bugs.gentoo.org/842267
    Bug: https://bugs.gentoo.org/795696
    Bug: https://bugs.gentoo.org/781146
    Signed-off-by: Sam James <sam@gentoo.org>

 media-video/ffmpeg/Manifest                        |   1 +
 media-video/ffmpeg/ffmpeg-4.2.7.ebuild             | 556 +++++++++++++++++++++
 .../ffmpeg-4.2.7-libsdl2-new-version-scheme.patch  |  26 +
 3 files changed, 583 insertions(+)

Oops, typo'd the bug number:

commit 411e3759c45ffb1060a5f00a6a50755862b2e80d
Author: John Helmert III <ajak@gentoo.org>
Date:   Mon Oct 10 10:26:17 2022 -0500

    media-video/ffmpeg: drop 4.2.4-r2

    Bug: https://bugs.gentoo.org/847267
    Bug: https://bugs.gentoo.org/795696
    Bug: https://bugs.gentoo.org/781146
    Signed-off-by: John Helmert III <ajak@gentoo.org>

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=054115a94fa38350f4468052ec239cbacb5b8e26

commit 054115a94fa38350f4468052ec239cbacb5b8e26
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2023-12-23 11:07:01 +0000
Commit:     Hans de Graaff <graaff@gentoo.org>
CommitDate: 2023-12-23 11:07:29 +0000

    [ GLSA 202312-14 ] FFmpeg: Multiple Vulnerabilities

    Bug: https://bugs.gentoo.org/795696
    Bug: https://bugs.gentoo.org/842267
    Bug: https://bugs.gentoo.org/881523
    Bug: https://bugs.gentoo.org/903805
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 glsa-202312-14.xml | 60 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 60 insertions(+)