CVE-2012-0823 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0823): VP8 Codec SDK (libvpx) before 1.0.0 "Duclair" allows remote attackers to cause a denial of service (application crash) via (1) unspecified "corrupt input" or (2) by "starting decoding from a P-frame," which triggers an out-of-bounds read, related to "the clamping of motion vectors in SPLITMV blocks".
1.0.0 in tree
Arches, please test and mark stable:
=media-libs/libvpx-1.0.0
Target KEYWORDS: "alpha amd64 ppc x86"
wowowow, I would wait for firefox to be fixed first :) (bug #401985)
amd64 stable
Please do not stabilize libvpx-1.0.0 before bug #401985 got fixed.
(In reply to comment #1)
> 1.0.0 in tree
Alexis I need to know why ppc/ppc64 was drop'd before I can move forward with mozilla products. I am not gonna drop support for either arch.
(In reply to comment #6)
> (In reply to comment #1)
> > 1.0.0 in tree
>
> Alexis I need to know why ppc/ppc64 was drop'd before I can move forward
> with mozilla products. I am not gonna drop support for either arch.
It compiles fine on ppc*, so are the rdeps (I've tested libav, ffmpeg). Marked ~ppc/~ppc64 and lifted 'vpx' use.mask. It can be used as stable candidate pending further testing along with bug 360427
ALL archs are fine to stabilize as far as mozilla products go, you will need to stabilize latest ebuild for tb/fx/sm/icecat at the same time to prevent breakage. Thanks
Doesn't compile on alpha, see bug 406821.
ppc done
x86 done (as part of bug 408161)
Stable on alpha.
Thanks, folks. GLSA Vote: no.
GLSA vote: not so much. Closing noglsa.