Bug 21548 - avidemux 2.7.0 updates bundled ffmpeg to 3.3.x
Summary: avidemux 2.7.0 updates bundled ffmpeg to 3.3.x
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 6
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA6-64-OK advisory
Keywords: validated_update
Depends on:
Blocks:
 
Reported: 2017-08-17 11:59 CEST by David Walser
Modified: 2017-08-21 22:59 CEST (History)
4 users (show)

See Also:
Source RPM: avidemux-2.6.20-2.mga6.src.rpm
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description David Walser 2017-08-17 11:59:46 CEST 
Avidemux 2.7.0 has been released on August 15:
http://fixounet.free.fr/avidemux/news.html#2017-08-15

Since it updates the bundled ffmpeg to 3.3.x, I think we should update to this version for Mageia 5 (sync with the update I already did in Cauldron).  We really should also fix it to use our compiler flags so that the debug packages don't have to be disabled as I did in Cauldron.
Comment 1 Nicolas Lécureuil 2017-08-19 23:41:14 CEST 
pushed in updates_testing
src.rpm:
        avidemux-2.7.0-1.mga6

CC: (none) => mageia
Assignee: shlomif => qa-bugs

Comment 2 David Walser 2017-08-20 00:32:53 CEST 
We haven't fixed the compilation flags yet, and it also has a tainted version.

Assignee: qa-bugs => pkg-bugs

Comment 3 David Walser 2017-08-20 22:20:06 CEST 
Note that there are core and tainted builds of this package.

Advisory:
========================

Updated avidemux packages fix security vulnerabilities:

The avidemux package has been updated to version 2.7.0.  Avidemux includes a
bundled copy of the ffmpeg libraries, which have been updated from version
3.0.7 to version 3.3.3, fixing several security issues and other bugs.

References:
http://fixounet.free.fr/avidemux/news.html#2017-08-15
http://ffmpeg.org/security.html
========================

Updated packages in {core,tainted}/updates_testing:
========================
libavidemux-2.7.0-1.mga6
avidemux-devel-2.7.0-1.mga6
avidemux-cli-2.7.0-1.mga6
avidemux-qt-2.7.0-1.mga6
avidemux-plugins-2.7.0-1.mga6
avidemux-cli-plugins-2.7.0-1.mga6
avidemux-qt-plugins-2.7.0-1.mga6

from avidemux-2.7.0-1.mga6.src.rpm

Assignee: pkg-bugs => qa-bugs

Comment 4 Len Lawrence 2017-08-21 02:02:33 CEST 
mga6  x86_64  Mate

Updated from Core Updates Testing

$ rpm -qa | grep avidemux
avidemux-qt-plugins-2.7.0-1.mga6
avidemux-cli-2.7.0-1.mga6
lib64avidemux-2.7.0-1.mga6
avidemux-plugins-2.7.0-1.mga6
avidemux-cli-plugins-2.7.0-1.mga6
avidemux-qt-2.7.0-1.mga6
avidemux-devel-2.7.0-1.mga6

$ avidemux3_qt5

Opened a short m4v film clip, played it and cut off the first minute and played it again.  Removed about 25 seconds from the end and saved the result as an mkv file.  Closed the interface and played the shortened clip in vlc.  No loss of quality.

Enabled Tainted Updates Testing and replaced the packages.

Opened an mp4 file using avidemux3_qt5.  Trimmed bits off at the start and the end.  Tried to convert the initial 4:3 aspect ratio to 16:9 but that failed.  Otherwise good.

CC: (none) => tarazed25

Len Lawrence 2017-08-21 02:03:11 CEST

Whiteboard: (none) => MGA6-64-OK

Comment 5 Lewis Smith 2017-08-21 20:10:44 CEST 
Validating (this is M6 only); advisory to do.

CC: (none) => lewyssmith, sysadmin-bugs
Keywords: (none) => validated_update

Lewis Smith 2017-08-21 22:12:00 CEST

Whiteboard: MGA6-64-OK => MGA6-64-OK advisory

Comment 6 Mageia Robot 2017-08-21 22:59:09 CEST 
An update for this issue has been pushed to the Mageia Updates repository.

http://advisories.mageia.org/MGASA-2017-0295.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED
Note You need to log in before you can comment on or make changes to this bug.