libvpx contains a vulnerability that could allow a remote attacker to execute code as the local user by enticing the user to open a crafted file. This is fixed in 0.9.5, which is already in the tree. @media-video, are we ok to begin stabilization of =media-libs/libvpx-0.9.5? Thanks!
Arches, please test and mark stable:
=media-libs/libvpx-0.9.5
Target keywords : "amd64 x86"
amd64 ok
On x86 I get

[STRIP] libvpx.a < libvpx_g.a
vp8/common/x86/vp8_asm_stubs.c.o: In function `vp8_sixtap_predict8x4_sse2':
vp8_asm_stubs.c:(.text+0x43): undefined reference to `vp8_six_tap_mmx'
vp8_asm_stubs.c:(.text+0xab): undefined reference to `vp8_six_tap_mmx'
vp8_asm_stubs.c:(.text+0xce): undefined reference to `vp8_six_tap_mmx'
vp8_asm_stubs.c:(.text+0x130): undefined reference to `vp8_six_tap_mmx'
vp8/common/x86/vp8_asm_stubs.c.o: In function `vp8_sixtap_predict8x8_sse2':
vp8_asm_stubs.c:(.text+0x1b3): undefined reference to `vp8_six_tap_mmx'
vp8/common/x86/vp8_asm_stubs.c.o:vp8_asm_stubs.c:(.text+0x21b): more undefined references to `vp8_six_tap_mmx' follow
vp8/encoder/x86/variance_sse2.c.o: In function `vp8_sub_pixel_variance4x4_wmt':
variance_sse2.c:(.text+0xb39): undefined reference to `vp8_vp7_bilinear_filters_mmx'
variance_sse2.c:(.text+0xb7e): undefined reference to `vp8_filter_block2d_bil4x4_var_mmx'
vp8/encoder/x86/variance_sse2.c.o: In function `vp8_variance4x4_wmt':
variance_sse2.c:(.text+0xc8d): undefined reference to `vp8_get4x4var_mmx'
vp8/common/x86/subpixel_sse2.asm.o: In function `no symbol':
vp8/common/x86/subpixel_sse2.asm:(.text+0x76f): undefined reference to `vp8_bilinear_filters_mmx'
/usr/lib/gcc/i686-pc-linux-gnu/4.4.4/../../../../i686-pc-linux-gnu/bin/ld: vp8/common/x86/subpixel_sse2.asm.o: relocation R_386_GOTOFF against undefined symbol `vp8_bilinear_filters_mmx' can not be used when making a shared object
/usr/lib/gcc/i686-pc-linux-gnu/4.4.4/../../../../i686-pc-linux-gnu/bin/ld: final link failed: Bad value
collect2: ld returned 1 exit status

when enabling USE='-mmx sse2'

Is this expected?
(In reply to comment #3)
> On x86 I get

I can reproduce on x86.
(In reply to comment #4)
> (In reply to comment #3)
> > On x86 I get
>
> I can reproduce on x86.

Same here on amd64.
No regression, we did not catch that on the first stabilisation, so x86 stable.
Well, amd64 will do the same. No regression. Thanks Agostino
Thanks, folks. GLSA request filed.
Thanks, folks. This was published as GLSA 201101-03.
CVE-2010-4203 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4203): WebM libvpx (aka the VP8 Codec SDK) before 0.9.5, as used in Google Chrome before 7.0.517.44, allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via invalid frames.