From the advisory:
FFmpeg contains a type conversion vulnerability while parsing malformed 4X
movie files. The vulnerability may be exploited by a (remote) attacker to
execute arbitrary code in the context of FFmpeg or an application using
the FFmpeg library.
Upstream has fixed this in svn r16846, i haven't found a release yet.
media-video, do you pull updates from trunk and can provide an ebuild? Or do we wait for the ffmpeg folks for a release?
(In reply to comment #1)
> media-video, do you pull updates from trunk and can provide an ebuild? Or do we
> wait for the ffmpeg folks for a release?
A release is expected around the end of february; I'll make a new snapshot
rev 16916, aka 0.4.9_p20090201 is in the tree; don't forget all the packages bundling ffmpeg too
thanks for the quick response.
target keywords for: media-video/ffmpeg-0.4.9_p20090201
alpha, amd64, arm, hppa, ia64, ppc, ppc64, sparc, x86, ~x86-fbsd
Please do, we have 10 days maximum for a glsa, so a little testing on this complex piece would not hurt.
Stable on alpha.
# ChangeLog for media-video/ffmpeg
# Copyright 1999-2009 Gentoo Foundation; Distributed under the GPL v2
# $Header: /var/cvsroot/gentoo-x86/media-video/ffmpeg/ChangeLog,v 1.264 2009/02/01 16:23:10 aballier Exp $
*ffmpeg-0.4.9_p20090201 (01 Feb 2009)
01 Feb 2009; Alexis Ballier <email@example.com>
new snapshot, bug #257217
Stable on alpha. Again (that's what you get for being quick).
Stable for HPPA.