Bug 15965 - avidemux new security issues CVE-2014-931[67], CVE-2014-960[34], CVE-2015-1872, CVE-2015-3417
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 4
Hardware: i586 Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
Whiteboard: has_procedure advisory mga4-32-ok mga...
Keywords: validated_update
Reported: 2015-05-17 19:03 CEST by David Walser
Modified: 2015-05-18 21:09 CEST
Source RPM: avidemux-2.6.6-2.2.mga4.src.rpm

Description David Walser 2015-05-17 19:03:29 CEST
There are new security issues fixed in FFmpeg 1.2.x since our last avidemux update to FFmpeg 1.2.10:
http://ffmpeg.org/security.html

Update to FFmpeg 1.2.12 checked into SVN.  Freeze push requested for Cauldron.

David Walser 2015-05-17 19:03:35 CEST

Whiteboard: (none) => MGA5TOO, MGA4TOO

Comment 1 David Walser 2015-05-17 22:41:45 CEST
Updated packages uploaded for Mageia 4 and Cauldron.

Note that there are both core and tainted builds for this package.

Testing procedures:
https://bugs.mageia.org/show_bug.cgi?id=13643#c8
https://bugs.mageia.org/show_bug.cgi?id=14562#c6

Advisory:
========================

Updated avidemux packages fix security vulnerabilities:

The mjpeg_decode_app function in libavcodec/mjpegdec.c in FFmpeg before
1.2.11 allows remote attackers to cause a denial of service (out-of-bounds
heap access) and possibly have other unspecified impact via vectors related
to LJIF tags in an MJPEG file (CVE-2014-9316).

The decode_ihdr_chunk function in libavcodec/pngdec.c in FFmpeg before 1.2.11
allows remote attackers to cause a denial of service (out-of-bounds heap
access) and possibly have other unspecified impact via an IDAT before an IHDR
in a PNG file (CVE-2014-9317).

The vmd_decode function in libavcodec/vmdvideo.c in FFmpeg before 1.2.11 does
not validate the relationship between a certain length value and the frame
width, which allows remote attackers to cause a denial of service
(out-of-bounds array access) or possibly have unspecified other impact via
crafted Sierra VMD video data (CVE-2014-9603).

libavcodec/utvideodec.c in FFmpeg before 1.2.11 does not check for a zero
value of a slice height, which allows remote attackers to cause a denial of
service (out-of-bounds array access) or possibly have unspecified other
impact via crafted Ut Video data, related to the restore_median and
restore_median_il functions (CVE-2014-9604).

An attacker can force a read at an invalid address in mjpegdec.c of FFmpeg,
in order to trigger a denial of service (CVE-2015-1872).

Use-after-free vulnerability in the ff_h264_free_tables function in
libavcodec/h264.c in FFmpeg before 1.2.11 allows remote attackers to cause a
denial of service or possibly have unspecified other impact via crafted H.264
data in an MP4 file, as demonstrated by an HTML VIDEO element that references
H.264 data (CVE-2015-3417).

Avidemux is built with a bundled set of FFmpeg libraries.  The bundled FFmpeg
version has been updated from 1.2.10 to 1.2.12 to fix these security issues
and other bugs fixed upstream in FFmpeg.

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9316
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9317
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9603
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9604
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1872
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3417
http://vigilance.fr/vulnerability/FFmpeg-unreachable-memory-reading-via-mjpegdec-c-16213
http://git.videolan.org/?p=ffmpeg.git;a=log;h=n1.2.12
http://ffmpeg.org/olddownload.html
http://ffmpeg.org/security.html
========================

Updated packages in {core,tainted}/updates_testing:
========================
libavidemux-2.6.6-2.3.mga4
avidemux-devel-2.6.6-2.3.mga4

from avidemux-2.6.6-2.3.mga4.src.rpm

Version: Cauldron => 4
Assignee: bugsquad => qa-bugs
Whiteboard: MGA5TOO, MGA4TOO => (none)
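
The advisory above attributes CVE-2014-9317 to an IDAT chunk arriving before IHDR in a PNG file. The following is an added example, not part of the bug report and not FFmpeg's or Mageia's code: a stand-alone chunk-order check that can pre-screen PNG samples when putting together test files for an update like this one. The function names and the two sample byte strings are constructed for illustration.

```python
import struct
import zlib

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"

def iter_chunks(data):
    """Yield (type, payload) per chunk; raise ValueError on malformed framing."""
    if not data.startswith(PNG_SIGNATURE):
        raise ValueError("not a PNG stream")
    pos = len(PNG_SIGNATURE)
    while pos < len(data):
        if pos + 8 > len(data):
            raise ValueError("truncated chunk header")
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        end = pos + 8 + length + 4          # header + payload + CRC
        if end > len(data):
            raise ValueError("chunk length exceeds file size")
        payload = data[pos + 8:pos + 8 + length]
        (crc,) = struct.unpack(">I", data[end - 4:end])
        if crc != zlib.crc32(ctype + payload) & 0xFFFFFFFF:
            raise ValueError("bad chunk CRC")
        yield ctype, payload
        pos = end

def check_chunk_order(data):
    """Return a list of findings; an empty list means the ordering is sane."""
    findings, seen_ihdr = [], False
    try:
        for index, (ctype, payload) in enumerate(iter_chunks(data)):
            if ctype == b"IHDR":
                if seen_ihdr:
                    findings.append("duplicate IHDR")
                elif index != 0:
                    findings.append("IHDR is not the first chunk")
                if len(payload) != 13:
                    findings.append("IHDR length is not 13")
                seen_ihdr = True
            elif ctype == b"IDAT" and not seen_ihdr:
                findings.append("IDAT before IHDR")
            elif ctype == b"IEND":
                break
    except ValueError as exc:
        findings.append(str(exc))
    if not seen_ihdr and not findings:
        findings.append("no IHDR chunk")
    return findings

def make_chunk(ctype, payload=b""):
    """Build one chunk with a valid CRC (used only for the constructed samples)."""
    crc = zlib.crc32(ctype + payload) & 0xFFFFFFFF
    return struct.pack(">I", len(payload)) + ctype + payload + struct.pack(">I", crc)
```

A decoder has to enforce the same ordering itself before allocating or writing image buffers; a pre-screen like this only helps with sorting samples.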

Comment 2 claire robinson 2015-05-18 13:45:30 CEST
Testing complete mga4 32

Opened various video files and checked the file information.

Whiteboard: (none) => has_procedure mga4-32-ok

Comment 3 claire robinson 2015-05-18 13:53:27 CEST
Testing complete mga4 64

Whiteboard: has_procedure mga4-32-ok => has_procedure mga4-32-ok mga4-64-ok

Comment 4 claire robinson 2015-05-18 15:23:59 CEST
Validating. Advisory uploaded with tainted srpm too.

Please push to 4 updates

Thanks

Keywords: (none) => validated_update
Whiteboard: has_procedure mga4-32-ok mga4-64-ok => has_procedure advisory mga4-32-ok mga4-64-ok
CC: (none) => sysadmin-bugs

Comment 5 Mageia Robot 2015-05-18 21:09:07 CEST
An update for this issue has been pushed to Mageia Updates repository.

http://advisories.mageia.org/MGASA-2015-0233.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED

