OSS-Fuzz is a Continuous Fuzzing for Open Source Software. See $URL for more details about the issue. Commit fix: https://github.com/FFmpeg/FFmpeg/commit/b946bd8ef2c7aeee09469a4901182a44f9b67189 @maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
this is already fixed in 3.2.6 that can go stable by the way: http://ffmpeg.org/security.html FFmpeg 3.2 3.2.6 Fixes following vulnerabilities: CVE-2017-9993, 25dac3128b605f2867e3e0f0288b896f84d3a033 / 189ff4219644532bdfa7bab28dfedaee4d6d4021 CVE-2017-9993, 5415c88e370692a3cf10b998ab230b4a02fc237f / a5d849b149ca67ced2d271dc84db0bc95a548abb 3.2.5 Fixes following vulnerabilities: CVE-2017-9991, 85c8c0c826e78d159ea242ce64d7e8feeeeca741 / 441026fcb13ac23aa10edc312bdacb6445a0ad06 CVE-2017-9992, 536af4212100dee1577fe2d30814762c58038efc / f52fbf4f3ed02a7d872d8a102006f29b4421f360b CVE-2017-9994, 869e8b1d0f549e926ecb246f916c9066f881db4a / 6b5d3fb26fb4be48e4966e4b1d97c2165538d4ef CVE-2017-9996, 7a69c1b2abfa96f0578cbd3ff82126b883ba6ef0 / e1b60aad77c27ed5d4dfc11e5e6a05a38c70489d CVE-2017-9996, 7f3a671ece8fd711e2ebc71a4e08cda591d810a8 / 1e42736b95065c69a7481d0cf55247024f54b660 so you might want to use only one bug for all those
An automated check of this bug failed - repoman reported dependency errors (17 lines truncated): > dependency.bad media-video/ffmpeg/ffmpeg-3.2.6.ebuild: DEPEND: sparc(default/linux/sparc/13.0) ['>=media-libs/chromaprint-1.2-r1[abi_x86_32(-)?,abi_x86_64(-)?,abi_x86_x32(-)?,abi_mips_n32(-)?,abi_mips_n64(-)?,abi_mips_o32(-)?,abi_ppc_32(-)?,abi_ppc_64(-)?,abi_s390_32(-)?,abi_s390_64(-)?]', '>=media-libs/libebur128-1.1.0[abi_x86_32(-)?,abi_x86_64(-)?,abi_x86_x32(-)?,abi_mips_n32(-)?,abi_mips_n64(-)?,abi_mips_o32(-)?,abi_ppc_32(-)?,abi_ppc_64(-)?,abi_s390_32(-)?,abi_s390_64(-)?]', 'media-libs/kvazaar[abi_x86_32(-)?,abi_x86_64(-)?,abi_x86_x32(-)?,abi_mips_n32(-)?,abi_mips_n64(-)?,abi_mips_o32(-)?,abi_ppc_32(-)?,abi_ppc_64(-)?,abi_s390_32(-)?,abi_s390_64(-)?]', '>=media-libs/openh264-1.4.0-r1[abi_x86_32(-)?,abi_x86_64(-)?,abi_x86_x32(-)?,abi_mips_n32(-)?,abi_mips_n64(-)?,abi_mips_o32(-)?,abi_ppc_32(-)?,abi_ppc_64(-)?,abi_s390_32(-)?,abi_s390_64(-)?]', '>=media-libs/libilbc-2[abi_x86_32(-)?,abi_x86_64(-)?,abi_x86_x32(-)?,abi_mips_n32(-)?,abi_mips_n64(-)?,abi_mips_o32(-)?,abi_ppc_32(-)?,abi_ppc_64(-)?,abi_s390_32(-)?,abi_s390_64(-)?]', '>=media-libs/rubberband-1.8.1-r1[abi_x86_32(-)?,abi_x86_64(-)?,abi_x86_x32(-)?,abi_mips_n32(-)?,abi_mips_n64(-)?,abi_mips_o32(-)?,abi_ppc_32(-)?,abi_ppc_64(-)?,abi_s390_32(-)?,abi_s390_64(-)?]', 'media-libs/libsdl2[sound,video,abi_x86_32(-)?,abi_x86_64(-)?,abi_x86_x32(-)?,abi_mips_n32(-)?,abi_mips_n64(-)?,abi_mips_o32(-)?,abi_ppc_32(-)?,abi_ppc_64(-)?,abi_s390_32(-)?,abi_s390_64(-)?]', 'media-libs/zimg[abi_x86_32(-)?,abi_x86_64(-)?,abi_x86_x32(-)?,abi_mips_n32(-)?,abi_mips_n64(-)?,abi_mips_o32(-)?,abi_ppc_32(-)?,abi_ppc_64(-)?,abi_s390_32(-)?,abi_s390_64(-)?]'] > dependency.bad media-video/ffmpeg/ffmpeg-3.2.6.ebuild: RDEPEND: sparc(default/linux/sparc/13.0) ['>=media-libs/chromaprint-1.2-r1[abi_x86_32(-)?,abi_x86_64(-)?,abi_x86_x32(-)?,abi_mips_n32(-)?,abi_mips_n64(-)?,abi_mips_o32(-)?,abi_ppc_32(-)?,abi_ppc_64(-)?,abi_s390_32(-)?,abi_s390_64(-)?]', '>=media-libs/libebur128-1.1.0[abi_x86_32(-)?,abi_x86_64(-)?,abi_x86_x32(-)?,abi_mips_n32(-)?,abi_mips_n64(-)?,abi_mips_o32(-)?,abi_ppc_32(-)?,abi_ppc_64(-)?,abi_s390_32(-)?,abi_s390_64(-)?]', 'media-libs/kvazaar[abi_x86_32(-)?,abi_x86_64(-)?,abi_x86_x32(-)?,abi_mips_n32(-)?,abi_mips_n64(-)?,abi_mips_o32(-)?,abi_ppc_32(-)?,abi_ppc_64(-)?,abi_s390_32(-)?,abi_s390_64(-)?]', '>=media-libs/openh264-1.4.0-r1[abi_x86_32(-)?,abi_x86_64(-)?,abi_x86_x32(-)?,abi_mips_n32(-)?,abi_mips_n64(-)?,abi_mips_o32(-)?,abi_ppc_32(-)?,abi_ppc_64(-)?,abi_s390_32(-)?,abi_s390_64(-)?]', '>=media-libs/libilbc-2[abi_x86_32(-)?,abi_x86_64(-)?,abi_x86_x32(-)?,abi_mips_n32(-)?,abi_mips_n64(-)?,abi_mips_o32(-)?,abi_ppc_32(-)?,abi_ppc_64(-)?,abi_s390_32(-)?,abi_s390_64(-)?]', '>=media-libs/rubberband-1.8.1-r1[abi_x86_32(-)?,abi_x86_64(-)?,abi_x86_x32(-)?,abi_mips_n32(-)?,abi_mips_n64(-)?,abi_mips_o32(-)?,abi_ppc_32(-)?,abi_ppc_64(-)?,abi_s390_32(-)?,abi_s390_64(-)?]', 'media-libs/libsdl2[sound,video,abi_x86_32(-)?,abi_x86_64(-)?,abi_x86_x32(-)?,abi_mips_n32(-)?,abi_mips_n64(-)?,abi_mips_o32(-)?,abi_ppc_32(-)?,abi_ppc_64(-)?,abi_s390_32(-)?,abi_s390_64(-)?]', 'media-libs/zimg[abi_x86_32(-)?,abi_x86_64(-)?,abi_x86_x32(-)?,abi_mips_n32(-)?,abi_mips_n64(-)?,abi_mips_o32(-)?,abi_ppc_32(-)?,abi_ppc_64(-)?,abi_s390_32(-)?,abi_s390_64(-)?]'] > dependency.bad media-video/ffmpeg/ffmpeg-3.2.6.ebuild: DEPEND: sparc(default/linux/sparc/13.0) ['>=media-libs/chromaprint-1.2-r1[abi_x86_32(-)?,abi_x86_64(-)?,abi_x86_x32(-)?,abi_mips_n32(-)?,abi_mips_n64(-)?,abi_mips_o32(-)?,abi_ppc_32(-)?,abi_ppc_64(-)?,abi_s390_32(-)?,abi_s390_64(-)?]', '>=media-libs/libebur128-1.1.0[abi_x86_32(-)?,abi_x86_64(-)?,abi_x86_x32(-)?,abi_mips_n32(-)?,abi_mips_n64(-)?,abi_mips_o32(-)?,abi_ppc_32(-)?,abi_ppc_64(-)?,abi_s390_32(-)?,abi_s390_64(-)?]', 'media-libs/kvazaar[abi_x86_32(-)?,abi_x86_64(-)?,abi_x86_x32(-)?,abi_mips_n32(-)?,abi_mips_n64(-)?,abi_mips_o32(-)?,abi_ppc_32(-)?,abi_ppc_64(-)?,abi_s390_32(-)?,abi_s390_64(-)?]', '>=media-libs/openh264-1.4.0-r1[abi_x86_32(-)?,abi_x86_64(-)?,abi_x86_x32(-)?,abi_mips_n32(-)?,abi_mips_n64(-)?,abi_mips_o32(-)?,abi_ppc_32(-)?,abi_ppc_64(-)?,abi_s390_32(-)?,abi_s390_64(-)?]', '>=media-libs/libilbc-2[abi_x86_32(-)?,abi_x86_64(-)?,abi_x86_x32(-)?,abi_mips_n32(-)?,abi_mips_n64(-)?,abi_mips_o32(-)?,abi_ppc_32(-)?,abi_ppc_64(-)?,abi_s390_32(-)?,abi_s390_64(-)?]', '>=media-libs/rubberband-1.8.1-r1[abi_x86_32(-)?,abi_x86_64(-)?,abi_x86_x32(-)?,abi_mips_n32(-)?,abi_mips_n64(-)?,abi_mips_o32(-)?,abi_ppc_32(-)?,abi_ppc_64(-)?,abi_s390_32(-)?,abi_s390_64(-)?]', 'media-libs/libsdl2[sound,video,abi_x86_32(-)?,abi_x86_64(-)?,abi_x86_x32(-)?,abi_mips_n32(-)?,abi_mips_n64(-)?,abi_mips_o32(-)?,abi_ppc_32(-)?,abi_ppc_64(-)?,abi_s390_32(-)?,abi_s390_64(-)?]', 'media-libs/zimg[abi_x86_32(-)?,abi_x86_64(-)?,abi_x86_x32(-)?,abi_mips_n32(-)?,abi_mips_n64(-)?,abi_mips_o32(-)?,abi_ppc_32(-)?,abi_ppc_64(-)?,abi_s390_32(-)?,abi_s390_64(-)?]']
media-plugins/gst-plugins-libav[libav] is affected then as well, due to bundled ffmpeg usage in case of USE=libav (libav is not supported anymore, but we've tried to let things not clash for those that prefer system libav). gst-plugins-libav-1.10.5 updates the bundled version to 3.2.5 for fixing those vulnerabilities, but not 3.2.6. Stabilization of 1.10.5 is ongoing in bug 624180
ia64 stable
arm stable
amd64 stable
x86 stable
sparc was dropped to exp. https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b5901d8f716555a1479f12313a2925fcadd177a9
An automated check of this bug succeeded - the previous repoman errors are now resolved.
GLSA Vote: No