CVE-2017-15672(https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-15672): The read_header function in libavcodec/ffv1dec.c in FFmpeg 3.3.4 and earlier allows remote attackers to have unspecified impact via a crafted MP4 file, which triggers an out-of-bounds read. Patch:http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=c20f4fcb74da2d0432c7b54499bb98f48236b904 @maintainer(s), after bump, please call for stabilization, thank you. Gentoo Security Padawan (jmbailey/mbailey_j)
this is fixed in 3.3.5 that is good to go stable
@arches, please stabilize.
An automated check of this bug failed - repoman reported dependency errors: > dependency.bad media-video/ffmpeg/ffmpeg-3.3.5.ebuild: DEPEND: arm(default/linux/arm/13.0) ['media-plugins/frei0r-plugins', '>=sci-libs/netcdf-4.3.2-r1[hdf5]', '>=sci-libs/hdf5-1.8.18[hl]'] > dependency.bad media-video/ffmpeg/ffmpeg-3.3.5.ebuild: RDEPEND: arm(default/linux/arm/13.0) ['media-plugins/frei0r-plugins', '>=sci-libs/netcdf-4.3.2-r1[hdf5]', '>=sci-libs/hdf5-1.8.18[hl]']
x86 stable
ia64 stable
amd64 stable
arm stable
An automated check of this bug succeeded - the previous repoman errors are now resolved.
ppc64 stable
cleanup will occur in bug #639698 GLSA Vote: No