Bug 25109 - FFmpeg 4.1.4
Summary: FFmpeg 4.1.4
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 7
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA7-64-OK
Keywords: advisory, validated_update
Depends on:
Blocks:
 
Reported: 2019-07-11 14:47 CEST by David Walser
Modified: 2019-08-11 20:51 CEST (History)
3 users (show)

See Also:
Source RPM: ffmpeg-4.1.3-1.mga7.src.rpm
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description David Walser 2019-07-11 14:47:53 CEST 
FFmpeg 4.1.4 has been released on July 8:
https://git.ffmpeg.org/gitweb/ffmpeg.git/shortlog/n4.1.4

As usual, there are some security fixes.

Updated packages submitted for Mageia 7 and Cauldron.

Advisory to come later.
Comment 1 David Walser 2019-07-11 20:23:48 CEST 
Note that there are core and tainted builds for this package.

Testing procedure:
https://bugs.mageia.org/show_bug.cgi?id=8065#c6
https://bugs.mageia.org/show_bug.cgi?id=14042#c6

Advisory:
========================

Updated ffmpeg packages fix security vulnerabilities:

This update provides ffmpeg version 4.1.4, which fixes several security
vulnerabilities and other bugs which were corrected upstream.

References:
https://git.ffmpeg.org/gitweb/ffmpeg.git/shortlog/n4.1.4
http://ffmpeg.org/download.html
http://ffmpeg.org/security.html
========================

Updated packages in {core,tainted}/updates_testing:
========================
ffmpeg-4.1.4-1.mga7
libavcodec58-4.1.4-1.mga7
libpostproc55-4.1.4-1.mga7
libavformat58-4.1.4-1.mga7
libavutil56-4.1.4-1.mga7
libavresample4-4.1.4-1.mga7
libswscaler5-4.1.4-1.mga7
libavfilter7-4.1.4-1.mga7
libswresample3-4.1.4-1.mga7
libffmpeg-devel-4.1.4-1.mga7
libffmpeg-static-devel-4.1.4-1.mga7

from ffmpeg-4.1.4-1.mga7.src.rpm
Dave Hodgins 2019-07-11 21:19:32 CEST

Keywords: (none) => advisory, validated_update
Whiteboard: (none) => MGA6-64-OK MGA6-64-OK
CC: (none) => davidwhodgins, sysadmin-bugs

Comment 2 Brian Rockwell 2019-07-11 21:46:52 CEST 
- ffmpeg-4.1.4-1.mga7.x86_64
- lib64avcodec58-4.1.4-1.mga7.x86_64
- lib64avfilter7-4.1.4-1.mga7.x86_64
- lib64avformat58-4.1.4-1.mga7.x86_64
- lib64avresample4-4.1.4-1.mga7.x86_64
- lib64avutil56-4.1.4-1.mga7.x86_64
- lib64postproc55-4.1.4-1.mga7.x86_64
- lib64swresample3-4.1.4-1.mga7.x86_64
- lib64swscaler5-4.1.4-1.mga7.x86_64

$ ffmpeg -v
ffmpeg version 4.1.4 Copyright (c) 2000-2019 the FFmpeg developers
  built with gcc 8.3.1 (Mageia 8.3.1-0.20190524.1.mga7) 20190524
  
I converted a bunch of FLAC files to MP3 - no issues.  I'll try some other formats.

Converted a bunch of ogg files to MP3 - no issues


Videos

ffmpeg -i snow.avi  snow2.flv

ffmpeg -i snow.avi  snow2.wmv

Both conversions worked without issue and they played.

Whiteboard: MGA6-64-OK MGA6-64-OK => MGA6-64-OK MGA6-64-OK MGA7-64-OK
CC: (none) => brtians1

David Walser 2019-07-11 21:55:47 CEST

Whiteboard: MGA6-64-OK MGA6-64-OK MGA7-64-OK => MGA7-64-OK

Comment 3 Mageia Robot 2019-07-11 22:51:26 CEST 
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2019-0208.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED

Comment 4 David Walser 2019-08-11 20:51:51 CEST 
CVE-2019-12730 was fixed in 4.1.4.
Note You need to log in before you can comment on or make changes to this bug.