Bug 25109

Summary: FFmpeg 4.1.4
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: normal    
Priority: Normal CC: brtians1, davidwhodgins, sysadmin-bugs
Version: 7Keywords: advisory, validated_update
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard: MGA7-64-OK
Source RPM: ffmpeg-4.1.3-1.mga7.src.rpm CVE:
Status comment:

Description David Walser 2019-07-11 14:47:53 CEST 
FFmpeg 4.1.4 has been released on July 8:
https://git.ffmpeg.org/gitweb/ffmpeg.git/shortlog/n4.1.4

As usual, there are some security fixes.

Updated packages submitted for Mageia 7 and Cauldron.

Advisory to come later.
Comment 1 David Walser 2019-07-11 20:23:48 CEST 
Note that there are core and tainted builds for this package.

Testing procedure:
https://bugs.mageia.org/show_bug.cgi?id=8065#c6
https://bugs.mageia.org/show_bug.cgi?id=14042#c6

Advisory:
========================

Updated ffmpeg packages fix security vulnerabilities:

This update provides ffmpeg version 4.1.4, which fixes several security
vulnerabilities and other bugs which were corrected upstream.

References:
https://git.ffmpeg.org/gitweb/ffmpeg.git/shortlog/n4.1.4
http://ffmpeg.org/download.html
http://ffmpeg.org/security.html
========================

Updated packages in {core,tainted}/updates_testing:
========================
ffmpeg-4.1.4-1.mga7
libavcodec58-4.1.4-1.mga7
libpostproc55-4.1.4-1.mga7
libavformat58-4.1.4-1.mga7
libavutil56-4.1.4-1.mga7
libavresample4-4.1.4-1.mga7
libswscaler5-4.1.4-1.mga7
libavfilter7-4.1.4-1.mga7
libswresample3-4.1.4-1.mga7
libffmpeg-devel-4.1.4-1.mga7
libffmpeg-static-devel-4.1.4-1.mga7

from ffmpeg-4.1.4-1.mga7.src.rpm
Dave Hodgins 2019-07-11 21:19:32 CEST

Keywords: (none) => advisory, validated_update
Whiteboard: (none) => MGA6-64-OK MGA6-64-OK
CC: (none) => davidwhodgins, sysadmin-bugs

Comment 2 Brian Rockwell 2019-07-11 21:46:52 CEST 
- ffmpeg-4.1.4-1.mga7.x86_64
- lib64avcodec58-4.1.4-1.mga7.x86_64
- lib64avfilter7-4.1.4-1.mga7.x86_64
- lib64avformat58-4.1.4-1.mga7.x86_64
- lib64avresample4-4.1.4-1.mga7.x86_64
- lib64avutil56-4.1.4-1.mga7.x86_64
- lib64postproc55-4.1.4-1.mga7.x86_64
- lib64swresample3-4.1.4-1.mga7.x86_64
- lib64swscaler5-4.1.4-1.mga7.x86_64

$ ffmpeg -v
ffmpeg version 4.1.4 Copyright (c) 2000-2019 the FFmpeg developers
  built with gcc 8.3.1 (Mageia 8.3.1-0.20190524.1.mga7) 20190524
  
I converted a bunch of FLAC files to MP3 - no issues.  I'll try some other formats.

Converted a bunch of ogg files to MP3 - no issues


Videos

ffmpeg -i snow.avi  snow2.flv

ffmpeg -i snow.avi  snow2.wmv

Both conversions worked without issue and they played.

Whiteboard: MGA6-64-OK MGA6-64-OK => MGA6-64-OK MGA6-64-OK MGA7-64-OK
CC: (none) => brtians1

David Walser 2019-07-11 21:55:47 CEST

Whiteboard: MGA6-64-OK MGA6-64-OK MGA7-64-OK => MGA7-64-OK

Comment 3 Mageia Robot 2019-07-11 22:51:26 CEST 
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2019-0208.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED

Comment 4 David Walser 2019-08-11 20:51:51 CEST 
CVE-2019-12730 was fixed in 4.1.4.