openSUSE has issued an advisory today (January 25): https://lists.opensuse.org/opensuse-updates/2018-01/msg00088.html Mageia 5 and Mageia 6 are also affected.
Whiteboard: (none) => MGA6TOO
Fedora has issued an advisory for this on January 23: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/K7IIUY6YMQMZRGUJWQTDO45UHYP4222K/
Assigning to all packagers collectively, since there is no registered maintainer for this package.
Assignee: bugsquad => pkg-bugsCC: (none) => cjw, marja11
I ported the commit from libvpx 1.7.0 in git to 1.5.0 and verified that playback still works in chromium (youtube videos reported as VP9 + opus). Updated packages are in updates_testing. SRPM libvpx-1.5.0-3.1.mga6.src.rpm RPMS i586: libvpx3-1.5.0-3.1.mga6.i586.rpm libvpx-devel-1.5.0-3.1.mga6.i586.rpm libvpx-utils-1.5.0-3.1.mga6.i586.rpm x86-64: lib64vpx3-1.5.0-3.1.mga6.x86_64.rpm lib64vpx-devel-1.5.0-3.1.mga6.x86_64.rpm libvpx-utils-1.5.0-3.1.mga6.x86_64.rpm armv5: libvpx3-1.5.0-3.1.mga6.armv5tl.rpm libvpx-devel-1.5.0-3.1.mga6.armv5tl.rpm libvpx-utils-1.5.0-3.1.mga6.armv5tl.rpm armv7: libvpx3-1.5.0-3.1.mga6.armv7hl.rpm libvpx-devel-1.5.0-3.1.mga6.armv7hl.rpm libvpx-utils-1.5.0-3.1.mga6.armv7hl.rpm
Thanks Christiaan! I backported your patch to Mageia 5 and fixed the Mageia 6 SPEC to put the subrel in the correct place. Do you have a URL of a video that uses this? Advisory: ======================== Updated libvpx packages fix security vulnerability: A flaw was found in libvpx related to odd frame width, which may lead to a denial of service (CVE-2017-13194). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13194 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/K7IIUY6YMQMZRGUJWQTDO45UHYP4222K/ ======================== Updated packages in core/updates_testing: ======================== libvpx1-1.3.0-3.2.mga5 libvpx-devel-1.3.0-3.2.mga5 libvpx-utils-1.3.0-3.2.mga5 libvpx3-1.5.0-3.1.mga6 libvpx-devel-1.5.0-3.1.mga6 libvpx-utils-1.5.0-3.1.mga6 from SRPMS: libvpx-1.3.0-3.2.mga5.src.rpm libvpx-1.5.0-3.1.mga6.src.rpm
Version: Cauldron => 6Whiteboard: MGA6TOO => MGA5TOOAssignee: pkg-bugs => qa-bugs
In chromium on cauldron and mga6, pretty much every recent youtube video plays in VP9+opus, but here are some random examples: CRAY has something new: https://www.youtube.com/watch?v=QAf6rOxLJL8 some dancing in LA: https://www.youtube.com/watch?v=cvCrYFfUE4o To check what kind of video(s) chromium is playing (youtube offers several formats): chrome://media-internals
Thanks again Christiaan. I used the chrome://media-internals to find that another link a friend sent me yesterday was also using vpx: https://www.youtube.com/watch?v=NswWvNf_0gU Working fine on Mageia 5 x86_64.
Whiteboard: MGA5TOO => MGA5TOO MGA5-64-OK
Likewise for Mageia 6 :: x86_64 Installed chromium-browser and updated the vpx libraries. Tried the suggested links and opened chrome://media-internals under another tab. This kept track of all the videos played and showed that they were using the vp9/opus codecs. OK for x86_64.
CC: (none) => tarazed25
Whiteboard: MGA5TOO MGA5-64-OK => MGA5TOO MGA5-64-OK MGA6-64-OK
Keywords: (none) => validated_updateCC: (none) => sysadmin-bugs
Keywords: (none) => advisoryCC: (none) => davidwhodgins
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2018-0112.html
Status: NEW => RESOLVEDResolution: (none) => FIXED