Bug 31175

Summary: ffmpeg new security issue CVE-2022-3964
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: Stig-Ørjan Smelror <smelror>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: major    
Priority: Normal    
Version: Cauldron   
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Source RPM: ffmpeg-5.1.2-2.mga9.src.rpm CVE:
Status comment: Patch available from upstream

Description David Walser 2022-11-23 20:51:09 CET 
SUSE has issued an advisory today (November 23):
https://lists.suse.com/pipermail/sle-security-updates/2022-November/013090.html

Mageia 8 is also affected.
David Walser 2022-11-23 20:51:20 CET

Whiteboard: (none) => MGA8TOO
Status comment: (none) => Patch available from upstream

Comment 2 Lewis Smith 2022-11-23 21:07:06 CET 
Another one for you, Stig.

Assignee: bugsquad => smelror

Comment 3 Stig-Ørjan Smelror 2022-11-23 23:08:12 CET 
ffmpeg 5.1.2-3 pushed to Cauldron.

MGA8 is not affected as the source file doesn't exist in ffmpeg 4.3.5. Looks like it was introduced in 4.4.x.

Cheers,
Stig

Whiteboard: MGA8TOO => (none)

Comment 4 David Walser 2022-11-23 23:10:06 CET 
Thanks!

Status: NEW => RESOLVED
Resolution: (none) => FIXED